The bad blood between Cisco Systems and organisers of the Black Hat conference appears to be a thing of the past.
One year after suing the hacker conference for allowing security researcher Michael Lynn to disclose a security vulnerability, Cisco is returning to Black Hat — this time as one of the show’s top sponsors. Black Hat USA will run from July 29 to August 3 in Las Vegas.
“Despite what happened last year we wanted to show our commitment and our openness to working with the security research community,” says John Noh, a Cisco spokesman.
Cisco has sponsored Black Hat in the past, but this is the first time it has shelled out for the show’s most expensive “platinum” sponsor status, Noh says. This means that Cisco’s name will be prominently displayed on conference materials and that the company will be given sponsorship credit for some of the show events, such as coffee breaks.
Cisco’s legal team may not be in attendance, but members of the company’s PSIRT (Product Security Incident Response Team) group will be there in force, Noh says. “We’re there to engage with the security researcher and [with] attendees, and have an open dialogue with them and get them to understand our philosophies around security research.”
However, the networking vendor might get an earful from security experts who blasted Cisco for its handling of the matter last year.
At last year’s show, Lynn demonstrated a method for running unauthorised code on a Cisco router. It was a difficult technical achievement that had been considered impossible by some, but Cisco viewed it as a dangerous disclosure of information that could be used to harm the internet’s infrastructure.
Cisco and Lynn’s former employer, Internet Security Systems, sued Lynn and Black Hat to prevent them from further discussing the matter. The lawsuit, however, helped bring more attention to the flaw and simply punished Lynn for doing security research that Cisco should have done itself, according to Cisco’s critics.
One security researcher was surprised to see Cisco listed as a sponsor, but he says improving relations with security researchers would be good for the company. Security researchers have had many complaints about the company’s tactics, says Cesar Cerrudo, chief executive officer of security research firm Argeniss.
“I think they realised that public relations is more efficient than legal battles,” he says.