Cisco Security Vulnerability Policy

3 min read

Regardless of how they are found, all vulnerabilities are investigated and publicly reported per our policies.

4 min read

To minimize risk associated with vulnerabilities, Cisco employs a well-established and trusted process to disclose vulnerabilities, while taking every effort to minimize the overall impact to customers’ network operations.

6 min read

The Common Vulnerability Scoring System (CVSS), which is used by many in the industry as a standard way to assess and score security vulnerabilities, is evolving to a new version known as CVSSv3. These changes addressed some of the challenges that existed in CVSSv2; CVSSv3 analyzes the scope of a vulnerability and identifies the privileges […]

1 min read

Following a recent Juniper security bulletin discussing unauthorized code, we have fielded a number of related questions from our customers. Being trustworthy, transparent, and accountable is core to our team, so we are responding to these questions publicly. First, we have a “no backdoor” policy and our principles are published at trust.cisco.com Our development practices […]