psirt

August 28, 2019

SECURITY

Insights Regarding the Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

On August 28th, 2019, Cisco published a Security Advisory disclosing an internally found vulnerability affecting the Cisco REST API container for Cisco IOS XE.

April 29, 2019

SECURITY

The PSIRT Services Framework: Helping the Industry Protect the Ecosystem

At Cisco, our leadership made the decision over twenty four years ago that we would clearly publicly communicate security vulnerabilities or other issues that could potentially expose customers to risk....

April 25, 2019

SECURITY

Trust is Not a Light Switch

The path to earning and maintaining the position of trusted partner is a privilege, and one which never fully ends.

April 22, 2019

SECURITY

Insights About the Global Internet Routing Table Reaching the 768k Milestone

Back in 2014, I wrote an article that highlighted that global Internet routing table passed the 512,000 or 512k route mark. Today we know that another significant milestone has been...

February 5, 2018

SECURITY

Understanding the Attack Vectors of CVE-2018-0101 – Cisco ASA Remote Code Execution and Denial of Service Vulnerabilit …

On January 29, 2018, the Cisco PSIRT published a security advisory about a remote code execution and denial of service vulnerability affecting the Cisco ASA and Cisco Next-Generation Firewall platforms.

October 16, 2017

SECURITY

Perspective About the Recent WPA Vulnerabilities (KRACK Attacks)

On October 16th,Mathy Vanhoef and Frank Piessens, from the University of Leuven, published a paper disclosing a series of vulnerabilities that affect the Wi-Fi Protected Access (WPA) and the...

September 27, 2017

SECURITY

September 2017 Cisco IOS & IOS XE Software Bundled Publication

Today, we released the last Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2017. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year).  Today’s edition of the Cisco IOS & IOS XE Software Security Advisory […]

September 21, 2017

SECURITY

CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 is Now Available

I am pleased to announce that the OASIS CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 committee specification is now available. As covered in our previous blog posts, the purpose of the OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC) is to standardize the practices for structured machine-readable security vulnerability-related advisories. The CSAF TC is focusing […]

June 20, 2017

SECURITY

CVRF Version 1.2 Now Available for Public Comment

A few months ago, I wrote about the new OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC). The purpose of the CSAF Technical Committee is to standardize the practices for structured machine-readable security vulnerability-related advisories. And then we will further refine those standards over time. The Common Vulnerability Reporting Framework (CVRF) Version 1.2, the […]