RSA CEO Art Coviello has also been known to use dramatic speech in his annual keynote to illustrate the seriousness of the threats the security industry is tasked with protecting against.
Andrew Plato, president of Anitian Enterprise Security, a Beaverton, Ore.-based security consultancy and former RSA partner, will be casting a skeptical eye toward such claims at this year's event.
"At the RSA conference last year, Art Coviello spent a full hour barraging the audience with fear-laden words and imagery. Then at the end of the talk, he had the audacity to say 'Now, I have never used fear to sell,'" Plato said in an email. "That contradiction within RSA says to me that this is a company with some serious trust issues."
RSA couldn't be reached for comment.
To be fair, not all RSA partners are ready to ditch the vendor in the wake of the NSA report. Steve Snider, president of Cadre Information Security, a Cincinnati-based RSA partner, noted that encryption is complex technology that isn't impervious to flaws. He's willing to give RSA the benefit of the doubt for its use of Dual EC DRBG.
"What is part and parcel to any discussion of cryptography, especially Elliptical Curve Encryption, is that the math can be rather dense and it's not unreasonable to say that possible weaknesses were unforeseen," Snider said in an email.
Snider thinks the larger public outcry will be focused on the NSA as opposed to RSA. "Following the disclosure that Verizon and others were supplying data to the NSA, I doubt that very many people or organizations dumped their telecommunications provider," Snider said.
As for McDonald, he told CRN Alvaka Networks will be careful in the future to get written assurances from vendors to ensure that their security products are, in fact, secure and free of backdoors. In fact, he believes such a clause should be included in all future vendor partnership contracts.
"The damage to trust by the very idea that any corporation would conspire to undermine fundamental security is sickening," McDonald told CRN. "It is one thing for a corporation to participate in legitimate law enforcement functions under warrant or legal arm-twisting mechanisms. It’s entirely something else to profit from the wholesale destruction of privacy."