The top lawyer at Cisco Systems Inc. said Wednesday the company’s $8.6 million settlement over alleged security flaws marks a “new environment” and heightened standards for software providers.

The qui tam case brought against Cisco, settled Wednesday, alleged the company failed to disclose possible security flaws in video surveillance software it sold to various U.S. government entities from 2008 to 2014. Plaintiff James Glenn, a former Denmark-based employee of Cisco partner company NetDesign, allegedly alerted Cisco to security flaws in 2008.

He alleged the flaws could allow hackers to access passwords and stored data and delete video feeds. A Cisco representative said there has been ”no allegation or evidence that any unauthorized access to customers’ video occurred as a result of the architecture.”

Mark Chandler, chief legal officer of San Jose, California-based Cisco, said in a blog post the settlement—reached with “no evidence that any customer’s security was ever breached”—is a sign “standards by which suppliers are judged are … changing.”

“Nothing illustrates better the way standards are changing than our engagement in resolving a dispute involving video security software products sold by us in Cisco’s fiscal years 2008 through 2013,” Chandler said in the post, titled “A Changed Environment Requires a Changed Approach.” ”In short, what seemed reasonable at one point no longer meets the needs of our stakeholders today.”

The software product at the heart of the case was acquired by Cisco in 2007 through its acquisition of original developer Broadware.

Chandler said Broadware intentionally designed Video Surveillance Manager with an open architecture to allow customization, a structure that meant “video feeds could theoretically have been subject to hacking.”

“Evaluating these facts today, we’ve now agreed to make a payment that includes, what is in effect, a partial refund to the US federal government and 16 states for products purchased between Cisco’s fiscal years 2008 and 2013,” said the CLO.

He noted Cisco urged users to build additional security features to software licensed from the company in a 2009 best practices guide. In 2013, Cisco issued a software upgrade that “addressed security features. The company stopped selling Video Surveillance Manager the following year.

“While this is a legacy issue which no longer exists, it matters to us to recognize that times and expectations have changed,” Chandler said.

Read More: