Why are the Crown Jewels still being exposed... RSA SecurID Hacking

RSA have announced publicly that they have been subject to an Advanced Persistent Threat and that some information related to SecurID has been lifted by the hackers.

Making it public is all well and good, but why does a security company which relies heavily on its single SecurID product to make money put its development work and source code in an area which is accessible from the internet?


Cisco had a similar issue last year too. And these are two large firms which deal with Security.

Things might change now at RSA, but closing the stable door after the horse has bolted comes to mind.

I see this time and time again, and the only thing I can think of is that these guys have not done a business impact assessment of what would happen if their source code leaked. It's such a poor business practice to ignore this.

