More and more, we ask technology to play critical roles in our businesses, and our lives. Pondering that for a moment, that dependance (versus use), requires careful thought on how much we trust that the technology is working as we want it, only as we want it, and nothing more. For many businesses or governments, testing via FIPS or Common Criteria increases that confidence level, combined with detailed operational plans to ensure running the services after they are installed is going correctly. For many technology vendors, innovation and commitment, can help here.
Our commitment at Cisco, and our innovation, for trustworthiness have never been stronger than they are today. Nearly 5 years ago, we started down a road which ultimately led to Cisco’s Secure Development Lifecycle (CSDL), and in our most recent FY12 SEC 10-K, acknowledged that work, our secure supply chain work, and our innovation efforts for Secure Boot and Anti-Tamper. For reference, that 10K, or 2012 Annual Report, is posted here: http://investor.cisco.com/
We foresaw the need for trustworthiness by listening to our customers, and we started early. Early results are in, and we’ve both reduced externally found security flaws, as well as increased the resiliency for multiple products anti-tamper. Have we done it on every product? Not yet, although rest assured, that’s exactly where we are going. I’ll keep you posted.