Cisco Security Vulnerability Policy
Customers Deserve Transparency to Manage Risk
3 min read
Regardless of how they are found, all vulnerabilities are investigated and publicly reported per our policies.
Cisco’s Process for Fixed Software Release and Vulnerability Disclosure
4 min read
To minimize risk associated with vulnerabilities, Cisco employs a well-established and trusted process to disclose vulnerabilities, while taking every effort to minimize the overall impact to customers’ network operations.
The Evolution of Scoring Security Vulnerabilities
6 min read
The Common Vulnerability Scoring System (CVSS), which is used by many in the industry as a standard way to assess and score security vulnerabilities, is evolving to a new version known as CVSSv3. These changes addressed some of the challenges that existed in CVSSv2; CVSSv3 analyzes the scope of a vulnerability and identifies the privileges […]
Update for Customers
1 min read
Following a recent Juniper security bulletin discussing unauthorized code, we have fielded a number of related questions from our customers. Being trustworthy, transparent, and accountable is core to our team, so we are responding to these questions publicly. First, we have a “no backdoor” policy and our principles are published at trust.cisco.com Our development practices […]