Cisco Security Vulnerability Policy

May 8, 2019


Customers Deserve Transparency to Manage Risk

3 min read

Regardless of how they are found, all vulnerabilities are investigated and publicly reported per our policies.

June 14, 2018


Cisco’s Process for Fixed Software Release and Vulnerability Disclosure

4 min read

To minimize risk associated with vulnerabilities, Cisco employs a well-established and trusted process to disclose vulnerabilities, while taking every effort to minimize the overall impact to customers’ network operations.

April 28, 2016


The Evolution of Scoring Security Vulnerabilities

6 min read

The Common Vulnerability Scoring System (CVSS), which is used by many in the industry as a standard way to assess and score security vulnerabilities, is evolving to a new version known as CVSSv3. These changes addressed some of the challenges that existed in CVSSv2; CVSSv3 analyzes the scope of a vulnerability and identifies the privileges […]

December 21, 2015


Update for Customers

1 min read

Following a recent Juniper security bulletin discussing unauthorized code, we have fielded a number of related questions from our customers. Being trustworthy, transparent, and accountable is core to our team, so we are responding to these questions publicly. First, we have a “no backdoor” policy and our principles are published at Our development practices […]