Cisco Security Vulnerability Policy

May 8, 2019

SECURITY

Customers Deserve Transparency to Manage Risk

3 min read

Regardless of how they are found, all vulnerabilities are investigated and publicly reported per our policies.

June 14, 2018

SECURITY

Cisco’s Process for Fixed Software Release and Vulnerability Disclosure

4 min read

To minimize risk associated with vulnerabilities, Cisco employs a well-established and trusted process to disclose vulnerabilities, while taking every effort to minimize the overall impact to customers’ network operations.

April 28, 2016

SECURITY

The Evolution of Scoring Security Vulnerabilities

6 min read

The Common Vulnerability Scoring System (CVSS), which is used by many in the industry as a standard way to assess and score security vulnerabilities, is evolving to a new version known as CVSSv3. These changes addressed some of the challenges that existed in CVSSv2; CVSSv3 analyzes the scope of a vulnerability and identifies the privileges […]

December 21, 2015

SECURITY

Update for Customers

1 min read

Following a recent Juniper security bulletin discussing unauthorized code, we have fielded a number of related questions from our customers. Being trustworthy, transparent, and accountable is core to our team, so we are responding to these questions publicly. First, we have a “no backdoor” policy and our principles are published at trust.cisco.com Our development practices […]