14 DAY TRIAL // After Juniper found "unauthorized code" in the source code of their ScreenOS, deployed with NetScreen firewall equipment, Cisco announced a full audit of all their products' source code.
Cisco, one of the few major companies that have ever complained about the NSA's aggressive surveillance tactics, is now taking an active step towards searching and identifying any backdoors in their products that might be similar to the one found in Juniper devices.
"Our development practices specifically prohibit any intentional behaviors or product features designed to allow unauthorized device or network access, exposure of sensitive device information, or a bypass of security features or restrictions," said Cisco's Anthony Grieco on the company's blog.
Thus, the company's developers will go over the source code of its IOS operating system and the various firmware images it's offering to its clients with a fine-tooth comb.
Cisco looking for backdoors into its own devices
The code reviewers will be looking for undisclosed device access methods (backdoors), hardcoded or undocumented hidden account credentials, undocumented traffic diversions, or any type of covert communications initiated from the device.
Cisco has firmly stated that it has a "no backdoor" policy for its products, and has also reassured clients that, up to this point, no unauthorized code has been found in its devices.
Besides initiating the source code review process on its own, Cisco will also welcome reports from customers that find any non-standard behavior in their equipment.
Juniper backdoor has scared many industry execs
It appears that the Juniper incident has rocked the communications equipment market, and now, many companies are scrambling left and right to reassure clients that their businesses’ communications channels are safe.
While many suspected the NSA or other state-sponsored would hack one or more businesses at one point, the thought of intelligence agencies having backdoor access to their corporate networks for the past two years, anytime they wished, has scared many company execs.
It is yet unknown who benefited the most from the Juniper backdoor, but whether it was the NSA or China matters very little to companies that generally want to keep know-how and trade secrets out of the government's or their competitors' hands.