The roots of the Schneier/RSA spat

Why are RSA and security expert Bruce Schneier feuding? We explain why they appear not to like each other!

The president of RSA Security, Art Coviello, has savaged security commentator and Counterpane CTO Bruce Schneier in a recent podcast interview.

The stoush follows the publication of an article by Schneier on in which he predicted "the death of the end-user security industry that gathers at the RSA Conference."

When asked to respond to Schneier's comments, Coviello -- who was visiting Australia to speak with customers and the press -- delivered a spirited response. "Bruce talks out of both sides of his mouth," Coviello told Risky Business. "He'll tell you (that) you can't have a perfect security system (but) then when he sees any flaw in the system he says 'well, you might as well not have it'. So which is it, Bruce?"

In 2005, Schneier criticised the one-time passcode technology made by RSA.

"One of the things he said is that one time passcodes, which we are essentially the inventors of, can be defeated by man in the middle attacks. He in essence says they're little better than passwords. What a ridiculous statement to make," Coviello said.

"We know of only two instances where a man in the middle attack on a one time passcode has been successful... You're never going to have perfect security systems but what you want to have is defence in depth," he added. "He's an advocate for defence in depth. Well, Bruce, I'm giving you an answer: I've got defence in depth. Now what's your next question?"

Coviello, the former RSA CEO, has been with the company for 14 years and was retained by EMC as the company's president following its acquisition by storage giant EMC.

Bruce Schneier is yet to respond to Risky Business's offer of right-of-reply.

Read more on IT risk management