A phrase I’ve recently been hearing repeated is that “product features will come and go, but risk mitigation is continuous.” With that in mind, our Product Security Incident Response Team (PSIRT) is doing its part by seeking ways to improve how we transparently communicate information about Cisco product vulnerabilities to our Customers and Partners. Starting in January of 2013 we will be launching a new deliverable called the Cisco Security Notice.
The purpose of the Cisco Security Notice is to make it easier for Customers and Partners to access information about low to medium severity vulnerabilities in Cisco products. A Cisco Security Notice will be the primary disclosure document for all security defects that PSIRT scores with a Common Vulnerability Scoring System (CVSS) base score from 4.0 to 6.9 and will be posted to the PSIRT publication listing page. Each vulnerability disclosed through a Cisco Security Notice will be assigned a Common Vulnerability and Exposures (CVE) Identifier to aid in identification. Check out the sites for CVE, CVSS, and this CVSS scoring calculator if these terms are relatively new to you or you simply need a refresher. Read More »