RSA chief Art Coviello had a lot to cover at his RSA Conference
keynote this week. In fact, he had so much to say that he tossed out his
original talk and got straight to the point: his organization’s involvement
with the NSA, the urgency of the cyber threat landscape, and how we should all
be doing much, much more to collaborate as a security community.
Coviello came out of the gate with the first direct issue by
denying the allegations that his company took $10 million from the NSA to build
a backdoor into its software and noted that their joint projects were never
secret. He says that, like other commercial organizations who work with the
government, RSA used the (flawed) encryption algorithm that they named in order
to meet their certification requirements, then took it out when NIST said they
should. He also spent a few minutes discussing the dual nature of the NSA—the difference
between its two purposes of intelligence gathering (offense) and information
security (defense)—and reiterated a call to separate the two into different
agencies.
