

Security industry tainted in latest RSA revelations

Antone Gonsalves | Jan. 2, 2014
Trust in the security industry has taken a blow with a recent report that RSA was paid by the U.S. National Security Agency to provide a way to crack its encryption.

Once it was discovered that Dual EC DRBG had been designed so that it could be cracked, NIST recommended it not be used. RSA then dropped the algorithm from BSAFE.

Because the NSA is a top-secret organization with the job of supporting national security, companies are legally bound to remain silent on any dealings they may have with the agency. Given those tight restrictions, there is nothing a company can do if asked to cooperate with the NSA, which can only be reined in through new laws passed by Congress.

Therefore, a company has to accept the risk when choosing a security vendor.

"The reality is that at some point you're going to have to trust someone; what you need to be careful of is who you trust, how much, and for how long," Joseph DeMesy, senior security analyst for Bishop Fox, said.


