We know that communicating quickly and openly about security vulnerabilities can result in a little extra public attention for Cisco. As a trustworthy vendor, this is something we’re happy to accept.
It’s recently been said that there is only one thing being discussed by IT security people right now – the OpenSSL heartbeat extension vulnerability (aka Heartbleed). As the guy responding to related media questions for Cisco, that certainly rings true.
Cisco was one of the first to provide a comprehensive update for our customers (April 9): OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products. This advisory continues to be updated, and at the time of this posting was on its fourth version. It provides an overview of the topic, and a full list of the Cisco products confirmed as affected, remediated, or not affected. It also links to more information, including any available workarounds or free software updates.
Our customers can rely on the fact that our response will be managed according to our long-standing security disclosure policy. This means providing the best information we have, as quickly as possible, even if that information could be incomplete at the time. As we continue to make progress, we will continue to update our public-facing information.
To our customers: we recommend staying connected to this information, and consider any implications for your network.