An interesting point raised here is the trust we have in closed source providers like Cisco and Microsoft. Although I'm not suggesting that everything should be open sourced, should we introduce some kind of mandatory external source review on companies' products? Microsoft consistently proves it is unworthy of our trust in the security department, so perhaps companies really should consider a scheme like this to renew public faith; something similar to the Kitemark scheme.
"A Cisco Security Advisory released yesterday admits that 'A default username/password pair is present in all releases of the Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. A user who logs in using this username has complete control of the device. This username cannot be disabled.' Can we really trust closed-source vendors, such as Cisco, to develop secure products that are free of backdoors?"
News source: Slashdot.org
View: Cisco advisory