[Cyph0n]

I second this. My advisor and I recently visited Cisco to present some embedded security work we've been doing. From what I could gather, they were very interested in ensuring that their customers' applications and devices were secure. They were also looking for ways to provide their customers with ways to check for government backdoors.

[epistasis]

There's an honest question about how deep that support goes though. Is it just that group, which is a tiny tiny part of a megacorp? How much influence do they have on the huge number of shipped products? What percentage of shipped Cisco products get a security review?

[i336_]

An alternative line of thought is, making the right noises for the customers while also keeping the bribe budgets liquid, to put it crassly.

Putting my security researcher hat on, maybe this tiny little group's purpose is to figure out and get intel on what directions customers are actually looking in, so they know where to hide stuff.

Not comfortable talk, I know. I'm inspired by http://video.fosdem.org/2014/Janson/Sunday/NSA_operation_ORC... (46:05, well worth watching; 357MB)

[Cyph0n]

Actually, the team we met with was responsible for figuring out how to incorporate low-level security into all Cisco devices.

I sadly do not know the answer to the rest of your questions.