New PSIRT Deliverable Aids Transparency in Vulnerability Disclosure
A phrase I’ve recently been hearing repeated is that “product features will come and go, but risk mitigation is continuous.” With that in mind, our Product Security Incident Response Team (PSIRT) is doing its part by seeking ways to improve how we transparently communicate information about Cisco product vulnerabilities to our Customers and Partners. Starting […]
New Java Vulnerability Being Exploited in the Wild
The new Oracle Java arbitrary code execution vulnerability has not only hit many news wires and social media outlets, but many victims as well, and it has been incorporated into several exploit kits. This critical vulnerability, as documented in IntelliShield alert 27845, could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system with the […]
Protecting Our Networks: It’s a Team Game Now!
I have been coaching youth sports for the past seven plus years now and one of my common mantras when speaking to the girls and boys each season is that “we will win as a team and lose as a team.” In other words, I will never tolerate one player acting selfishly enough to think […]
Security Assessments: More Than Meets the Eye
Is the product safe to use? I have been asked this question on occasion in a non-technical sense and maybe you have too. In a technical context, I could frame the question as “Are the online services and underlying technologies supporting my services safe?” A continuous effort must go into substantiating the preferable answer (“Yes”) […]
Commitment and Community: Cisco’s Security DNA
This is our final post in the series of SecCon-related articles. This post drives home the point made by Cisco's senior executives at the SecCon conference - security must be pervasive in every aspect of every product we design, develop, and deploy. It’s what our customers expect, and SecCon is one of the major delivery vehicles for creating a unified front within the engineering community as part of Cisco’s evolution towards the “Internet of Everything”.
Security Features vs. Securing Features
Here's the fourth in a series of posts revolving around the recently held Cisco SecCon 2012 (December 3-6) security conference. This post zeroes in on the fact that software vendors need to start focusing (more) on the overall security and quality of software, not just on the implementation of security features in products.
Securing Linux Based Products With CSDL
Here's the third in a series of posts revolving around the recently held Cisco SecCon 2012 (December 3-6) security conference. The focus of this post is on the Cisco Secure Development Lifecycle (CSDL), Cisco’s approach to building secure products and solutions, and specifically the release of two Cisco documents that have been an integral part of CSDL: “Linux Hardening Recommendations For Cisco Products” and “Product Security Baseline Linux Distribution Requirements.”
Have You Architected Your Data Center Survival Strategy for A Dystopic Cyber Landscape?
Drawing from a recent read of “Case 1: The Seeds of Dystopia” in the World Economic Forum 2012 Global Risks 2012 Seventh Edition, it’s now more apparent than ever that the impact of crime and terrorism in the digital world is fast mirroring that of a physical world. We’re living in an era where […]
Let’s Hack Some Cisco Gear at SecCon!
Here's the second in a series of posts discussing how Cisco SecCon 2012 (December 3-6) brought together hundreds of engineers, live and virtually, from Cisco offices around the globe with one common goal: to share their knowledge and learn best practices about how to increase the overall security posture of Cisco products.