Company makes a security product, neglects to deploy it on their own systems, is infiltrated and their signing server is used to sign malware.

Arguably, their operational hiccup tells us nothing about the excellence of their product. But it might cast doubt on the integrity of that product… but I don’t know that RSA suffered reputational damage from their infiltration incident: their postmortem is at http://blogs.rsa.com/anatomy-of-an-attack/

(via Computer security & lockpicking community)
https://blog.bit9.com/2013/02/25/bit9-security-incident-update/