Juniper Networks today made three announcements about new product enhancements and the companies that have deployed them. But behind the product hype, the Sunnyvale, Calif.-based hardware maker has quietly stepped into the midst of one of last summer’s hottest technology controversies.
Technology news readers will remember Michael Lynn as the security expert who stirred up trouble at the Black Hat conference in July 2005. Lynn took his revelations about new exploit tactics against Cisco’s network routers public in a conference presentation that sent Cisco to the courthouse for relief.
Indeed, Juniper hired the former ISS researcher for a yet-to-be-disclosed position without so much as a press release or even a public statement to the media that typically accompanies significant additions to the corporate payroll.
“We can confirm that he works here, but we cannot comment further on individual employees,” Juniper spokesperson Brendan Hayes told TechNewsWorld.
Cisco did not return calls seeking comment.
The Summertime Fiasco
As part of ISS, Lynn uncovered a vulnerability in Cisco’s Internet Operating System software that, if exploited, could possibly bring down a router. ISS consulted with Cisco and decided at the last minute not to present the findings at the Black Hat conference.
Bent on sharing his bombshell research, Lynn resigned from ISS and went ahead with the presentation. Both Cisco and ISS filed a legal complaint against Lynn for allegedly reverse-engineering Cisco’s software.
Cisco cried to the courts about the potential security risk facing the Internet and its clients if Lynn continued spreading his findings. Lynn eventually promised not to use any of the knowledge he had discovered about the Cisco vulnerability and the case was settled. But the memories remain.
Is Cisco’s Loss Juniper’s Gain?
Lynn is now one of the most high-profile security researchers in the business — and he works for Cisco rival Juniper. Is Cisco’s loss Juniper’s gain? Current Analysis Analyst Joel Conover told TechNewsWorld he does not see any relevant impact on Cisco, other than perhaps a missed opportunity to hire Lynn for itself.
“Juniper has picked up a very talented high profile security individual. Any company that’s serious about the security industry could benefit from the expertise that an individual like Michael Lynn brings to them,” Conover said. “Had Lynn been given an offer from Cisco I think he probably would have jumped on it, too, if he felt that Cisco would have acted on his recommendations and abilities.”
Conover said the challenge for Lynn is working with Juniper to implement his recommendations as part of the architecture. It’s one thing to find bugs that are show stoppers, he said, but it’s a much different thing to work with development teams to create platforms that are tactically superior and offer fewer opportunities for hackers to create exploits.
The question is, was this in any way a political move on the part of Juniper? Conover does not think so. He sees it more as just a smart business move.
“If Juniper can take a talented engineer like Michael Lynn and put him in charge of a group of people that are focused on making sure the quality of Juniper’s products are as high class as they can be, then that’s money well spent because they don’t have to do damage control,” Conover said. “Every time one of these things happens it’s harmful to the reputation of the vendor involved. I think you can definitely use expertise in house to make your products better.”