Cisco Blogs


Cisco Blog > Security

Building in Security from the Ground Up with The Cisco Secure Development Lifecycle

At Cisco, security runs through everything that we do. It is our commitment to deliver verifiable, trustworthy network architectures built on secure software and secure hardware, backed by prudent supply chain security practices.

That’s why Cisco created the Cisco Secure Development Lifecycle (Cisco SDL) to ensure that security is central through the entire product development process. CSDL is a repeatable and measurable process we’ve designed to fortify the resiliency and trustworthiness of our offerings, allowing our customers to deploy high-quality products that they can trust.

Cisco SDL utilizes many industry standards and best practices, including ISO certification as part of our development processes. ISO certification provides customers validation and confidence that our processes, such as common technology requirements, secure coding procedures, code reviews, testing, and verification are consistently executed within our product development.

In 2013, we made internal compliance with the Cisco SDL process a stop-ship-grade requirement for all new Cisco products and development projects. As we make our way through 2014, we are building on this commitment, holding our teams accountable and training stakeholders to understand the importance of Cisco SDL process, adoption, and compliance.

From our Integrated Service Routers (ISRs) to our Aggregation Services Routers (ASRs), more products are being introduced across the Cisco portfolio that are Cisco SDL compliant. We look forward to keeping you up to date on progress with the CSDL initiative over the coming months.

Check out the video below where I explain Cisco SDL in more detail:

Learn more about Cisco SDL here: http://www.cisco.com/web/about/security/cspo/csdl/index.html

Tags: , , , ,

SecCon 2013: Global and Local

SecCon is our internal security conference, which for the past five years has taken place live in San Jose. Many industry recognized experts  over the years have graced the stage, and the security community at Cisco looks forward to each December where we gather together to network  and  learn  about the new threats that face our products.  In past years, remote sites around the globe were linked into San Jose, sharing part of the speaker line-up and also giving local security people at remote sites the ability to speak to a local audience. In 2013, for the first time ever, SecCon events were hosted in remote locations.

The goal of these events is twofold: first, to provide high-quality, topical security education to those people responsible for building our products, and second, to growthe security community amongst our engineering population. We believe that security must be part of everyone’s job description at Cisco. We are all part of the security solution, and we use these SecCon events to band together. Read More »

Tags: , , , , ,