Software Provider and DOJ Reach $8.6M Settlement for FCA Case Involving Alleged Cyber Security Shortcomings

TL;DR – don’t sell software with known security vulnerabilities:

[…] The case, United States of America v. Cisco Systems, involved allegations from a former-subcontractor whistleblower that Cisco Systems knowingly sold video monitoring technology containing security flaws to the United States, eighteen states, and the District of Columbia. See Complaint, Case No. 11-cv-400 (W.D.N.Y. May 5, 2011). According to the whistleblower, the security flaws in the video monitoring technology created a backdoor to the system, enabling a potential user to gain unauthorized access to the entire network of a federal agency, take control of or bypass an agency’s physical security systems, or even allow an unauthorized user to obtain administrative access to the system to make modifications. Id. Notwithstanding its awareness of the security flaws, and knowing that the disclosure of the security flaws would have prevented the federal government from purchasing the video monitoring technology, the Relator alleged that Cisco Systems withheld information regarding the security flaws from multiple federal and state agencies to which it sold the video monitoring technology. Id.


