[cisco-voip] Nuance And Their Lack of Enterprise Security

Jon Shay tucsonwireless at gmail.com
Tue Nov 10 13:16:09 EST 2015


Anyone use Nuance in their Contact Center(s)? We have been for a handful of
years between two different ACDs. We're in a current project moving from
one ACD to a new ACD vendor and an interesting tid-bit came out during a
security vulnerability scan.

Most if not all of the interfaces to their applications are web-based and
the scan identified one of their products using HTTP instead of HTTPS. We
asked them to secure it and here is what they said - "No. It is designed
that way. If you want security put it behind a firewall to properly secure
it." Whaaaat?

So they are charging enterprise pricing for this application (7 figures)
but they tell us to take a hike and use a FW to make up for lack of
programming skills.

Has anyone else had issues similar to this with Nuance? Did you have a
means to resolve it without legal action? Do you recommend any other speech
vendors that understand enterprise security?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20151110/92a7e9b6/attachment.html>


More information about the cisco-voip mailing list