psirt

2 min read

The decision to deliver the biannual (on the fourth Wednesday of every March and September) Cisco IOS Software Security Advisory Bundled Publication brought with it many challenges, process changes, and—in the end—a format for Cisco Vulnerability Disclosure that we hope addresses at least some of your concerns. What we would like to get now is feedback from our customers on how the bundle delivery format has changed your lives (well, at least during working hours!), for better or for worse, when it comes to dealing with Cisco PSIRT security vulnerabilities identified in your Cisco IOS environment. The information you provide in this survey will help Cisco to continue to evolve our vulnerability disclosure process to address your challenges and concerns, just as we did back in 2008 when we listened to you and developed the Cisco IOS Software Security Advisory bundle process.

11 min read

"A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?" This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Cisco is committed to protecting customers by sharing critical security-related information in a very transparent way. Even if security vulnerabilities are found internally, the Cisco Product Security Incident Response Team (PSIRT) – which is my team – investigates, drives to resolution, and discloses such vulnerabilities. To quickly answer the first question, don't panic, as you may not have to immediately upgrade your device. However, in this article I will discuss some of the guidelines and best practices for responding to Cisco security vulnerability reports.

2 min read

On Wednesday of next week, the Cisco Product Security Incident Response Team (PSIRT) will release the first Cisco IOS Software Security Advisory Bundled Publication of 2013. As a reminder, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our Security Advisories, vulnerabilities scheduled for disclosure in the upcoming bundle will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0.

4 min read

Here's the second in a series of posts discussing how Cisco SecCon 2012 (December 3-6) brought together hundreds of engineers, live and virtually, from Cisco offices around the globe with one common goal: to share their knowledge and learn best practices about how to increase the overall security posture of Cisco products.