Cisco has agreed to pay $8.6 million to settle a claim it sold video surveillance software it knew was vulnerable to hackers to hospitals, airports, schools, state governments and federal agencies. The tech giant continued to sell the software and didn’t fix the massive security weakness for about four years after a whistleblower first alerted the company about it in 2008, according to a settlement unsealed Wednesday with the Justice Department and 15 states as well as the District.

This is a new wrinkle in the disclosure debate. Refuse to patch, pay out later. But 10 years seems like a very long timeline.

source: white