<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jan 13, 2014 at 2:08 PM, Kent Borg <span dir="ltr"><<a href="mailto:kentborg@borg.org" target="_blank">kentborg@borg.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 01/13/2014 10:23 AM, Phillip Hallam-Baker wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Unless someone shows evidence that RSA actually knew they were being punked, the boycott makes no sense. And I can't believe that evidence exists because there was absolutely no need to tell RSA they were being punked to get the outcome they wanted.<br>
</blockquote>
<br></div>
Two points.<br>
<br>
<br>
First, RSA knew--or certainly should have known--that they were in the business of selling security, yet they failed in that. Worse, thewy failed spectacularly and sold something not just broken, but something with a backdoor specifically designed to defeat security. As you well know, this is serious business.<br>
<br>
I don't think the suits knew what they were doing, I think they were just chasing money, they didn't ask too many questions that might get in the way of that money. Businessmen do that. We all know (suits, too), security doesn't sell, buzzwords sell. They sold the buzzwords without the security. Nearly everyone does it to some degree. They did it worse, they were in a position of trust.<br>
</blockquote><div><br></div><div>Absolutely right. But how should we respond?</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">If we can't make selling security pay, we can maybe make selling insecurity cost. There are a lot of other suits watching this, seeing how RSA fairs. I want them to see something gruesome, something that worries them. (The same way I want a banker or two who nearly dumped us into recession to go to jail, so others will think twice.)<br>
</blockquote></div><br clear="all"><div>There should be a penalty, no question. But what should the penalty be?</div><div><br></div><div>We should not choose a penalty that causes collateral damage on our side. A much more effective response would be to gut the RSA token business. That hurts EMC's bottom line directly. Changing the speaker lineup at the show does not.</div>
<div><br></div><div>If the RSA token business is gutted there will be no reason for EMC to keep RSA Labs or the name.</div><div><br></div><div><br></div><div>Lets pick out battles here.</div><div><br></div><div><br></div>
-- <br>Website: <a href="http://hallambaker.com/">http://hallambaker.com/</a><br>
</div></div>