
This is really beyond stupid by now. You can't help but wonder if this is by accident or by design.


Both. Neither. It might not be an intention of the management but it surely is a consequence of their outsourcing decisions.

There is a team working for Cisco who does not care for quality, who decided it is a good idea to have a baked-in password, and who does not learn from past mistakes.

The core of the problem is outsourcing your core product to people who are neither competent nor interested in the quality of the product.

Every time I see any company thinking they can push their core responsibility to somebody else whose interests are not aligned, I can confidently say it is going to go downhill and fail at some point.


Regardless of outsourcing: you have to do at least some inbound QA and some checks on your product's firmware. Especially if you have had that exact bug before. But the paranoid part of me simply wonders whether this is so they can claim plausible deniability and 'accident' rather than malice.


You do outsourcing for one and one reason only: you need to throw warm bodies onto a problem for cheap. Everything else is expensive, and any other reason is sugar coating. Having inbound QA? Expensive! Checks on firmware? Expensive! Exhaustive testing before shipping firmware so that edge cases are cared for before the machine is in the field? Expensive! Get rid of it all! Just look at our bottom line grow.

You know what else is expensive? You need to troubleshoot some gear but you can't get in easily. Sophisticated procedures for getting into a router take time and skill to implement and to use, so they are, yes, you guessed it right: Expensive! What is not expensive? Having a surefire set of shared credentials that will work on bloody anything, that's what!


Short term cheap, but long term very expensive. I stopped using Cisco after the first time, but I will never know how my current vendor deals with these things either, because it's not as if this gear comes with full source code attached, and even if it did I wouldn't have the resources to audit it.

But inside Cisco even the most basic code review should have caught this; besides that, even for test purposes they should have never ever implemented this.


> Short term cheap, but long term very expensive

Inside the MBA ideology, that "long term very expensive" doesn't exist. Lowering costs is good long term, because it grows the market and gives the company more money to invest into competitive advantage and grow its brand.


I don't care if it is a prevalent ideology. If the ideology calls for providing poor service to the customer, somebody will find a way to provide better service and will boot you out of the market entirely.

Getting your company disrupted or getting your market share diminished is extremely expensive and this is my understanding of what Jacques meant.


That sounds nice but I don't think it actually happens. Shittier but cheaper service seems to always fare better than the better but more expensive one.


Fully disagree, and especially with "always". Fortunately, it is trivial to show it is false.

What kind of shiny rectangle do you have in your pocket? Is it the cheapest option? Which company in that market makes the most expensive product? Which company in the market fares best?

And Cisco itself, for decades, was not only the most expensive network equipment in multiple markets but also brought the highest margins and biggest bucks.


> You do outsourcing for one and one reason only: you need to throw warm bodies onto a problem for cheap. Everything else is expensive, and any other reason is sugar coating.

Do people who post these silly hyperboles sincerely believe them? There are plenty of other reasons to outsource something, including many where it's known from the outset that it would be the more expensive option.


There is a good reason for this particular one.

I don't have anything against outsourcing. There are plenty of reasons to outsource, true. But there is one that is most important and IT IS NOT THE COST. I am not saying the cost is not important, I am just saying it is not the most important.

The most important reason is that you want to focus on your core product and not on everything else. If the core product that you sell to your customers is routers, and you are the CEO of the company, you probably do not want to oversee a division that produces accounting software or remote desktop software. If you need these things, you either buy them or outsource them.

You want to spend all your focus producing the best product for your customers, and this is routers. Not anything else that does not directly go into making a better experience for your customers.

It usually is or at least, in principle, should be cheaper. Because for some reason if somebody cares for the product, the total cost to produce the product at a given quality level will be lower.


But then your core product is the routers, and you outsource their firmware, you also outsource a very good chunk of hardware they are made of, and this is where what you're saying kind of falls apart.

Because from the looks of it, if I assume what you're saying is 100% true, the product is sales contracts for the routers and not the routers themselves.


Yep. And companies buy networking equipment, not sales experience. And when the networking equipment sucks, they are looking to find something else.


I wouldn't know if it is malice. We won't know unless somebody catches them red-handed with an email to prove it.

But I don't think it is malice. The engineer in me says that there are just too many eyes looking at the software and that it is just too easy for somebody to identify a password and that the consequences of it are too costly for the company.

And I can think of a zillion ways to leave a backdoor that is much more difficult to detect.

Of course, this does not absolve them from responsibility in any way. The core responsibility, the core product they provide is security. And not only are they showing they can't provide a secure product, they prove they simply do not learn and do not care to fix it.


> The core of the problem is outsourcing your core product to people who are neither competent nor interested in the quality of the product.

I'm afraid the core of the problem is customers focusing on price more than on the quality of the product.


Nah. That's an important, but secondary, problem.

Lots of companies thrive without trying to be cheapest in the market. In most markets there is an "expensive" but quality option, and then there is a cheap option that everybody knows may be lower quality. Companies make these choices all the time and those more expensive options are still successful.

And Cisco is actually positioned as an expensive option. For decades in many segments of the market, Cisco was the top option that you had to pay for through the nose.

