For RSA and other U.S. technology vendors, the Snowden leaks mean that they will need to do what Huawei did in the UK back in 2010, when the Chinese company had to convince the UK government that the telecom equipment BT wanted to buy did not have backdoors installed by the Chinese government, he noted.
Huawei had to invest in a testing center in the UK to support the GCHQ, NSA's counterpart in the UK, in inspecting its source code. U.S. companies may have to do the same to show their products have not similarly been backdoored by the NSA, he said.
"I think the public as well as security practitioners are rightfully looking for answers to whether any organizations have colluded or been complicit with the internal top secret goals of the NSA," said Lawrence Pingree, an analyst with Gartner.
But for the moment, not enough information is publicly available to determine whether what RSA did is unique.
"To bring some sanity back into this discussion, we must remind ourselves that the information disclosed from the Snowden breach was in fact top secret," Pingree said. So even if a company had cooperated with the NSA at some level, only a few would have known about it.
Rich Mogull, an analyst with security consulting firm Securosis, said the criticism directed against RSA is based on incomplete information. "I think they are being hit far harder than the facts warrant," he said. "All we have is one article, and the underlying evidence has not been made public.
"Now if it comes out that RSA deliberately weakened BSAFE to assist the NSA in eavesdropping, they deserve a flailing. But we don't have even close to enough information to make that decision yet. When we learn more, perhaps the time will come to take action against RSA, but not the conference."