security advisories

September 27, 2017

SECURITY

September 2017 Cisco IOS & IOS XE Software Bundled Publication

Today, we released the last Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2017. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year.) Today’s edition of the Cisco IOS & IOS XE Software Security Advisory […]

September 21, 2017

SECURITY

CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 is Now Available

I am pleased to announce that the OASIS CSAF Common Vulnerability Reporting Framework (CVRF) Version 1.2 committee specification is now available. As covered in our previous blog posts, the purpose of the OASIS Common Security Advisory Framework (CSAF) Technical Committee (TC) is to standardize the practices for structured machine-readable security vulnerability-related advisories. The CSAF TC is focusing […]

March 22, 2017

SECURITY

March 2017 Cisco IOS & IOS XE Software Bundled Publication

Today, we released the first Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2017. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year.) Today’s edition of the Cisco IOS & IOS XE Software Security Advisory […]

January 24, 2017

SECURITY

Keeping Up with Security Vulnerability Disclosures with the Cisco PSIRT openVuln API

The Cisco PSIRT openVuln API is a RESTful API that allows customers to obtain Cisco security vulnerability information in different machine-consumable formats. It supports industrywide security standards such as the Common Vulnerability Reporting Framework (CVRF), Open Vulnerability and Assessment Language (OVAL), Common Vulnerability and Exposure (CVE) identifiers, Common Weakness Enumeration (CWE), and the Common Vulnerability Scoring System (CVSS). This API […]

October 31, 2016

SECURITY

The Evolution of Scoring Security Vulnerabilities: The Sequel

Back in April, I wrote a blog post about the new version of the Common Vulnerability Scoring System (CVSS). The changes made for CVSSv3 addressed some of the challenges that existed in CVSSv2. For example, CVSSv3 analyzes the scope of a vulnerability and identifies the privileges an attacker needs to exploit it. The CVSSv3 enhancements […]

September 28, 2016

SECURITY

September 2016 Cisco IOS & IOS XE Software Bundled Publication

Today, we released the last Cisco IOS & IOS XE Software Security Advisory Bundled Publication of 2016. (As a reminder, Cisco discloses vulnerabilities in Cisco IOS and IOS XE Software on a predictable schedule—the fourth Wednesday of March and September in each calendar year.) Today’s edition of the Cisco IOS & IOS XE Software Security Advisory […]

March 23, 2016

SECURITY

Cisco IOS & IOS XE Bundled Publication and IOS Software Checker Updates

Today, we released the first of two semiannual Cisco IOS & XE Software Security Advisory Bundled Publications of 2016. (As a reminder, Cisco discloses IOS & XE vulnerabilities on a predictable schedule—the fourth Wednesday of March and September in each calendar year.) Today’s edition of the Cisco IOS & XE Software Security Advisory Bundled Publication includes […]

October 5, 2015

SECURITY

Improvements to Cisco’s Security Vulnerability Disclosures

Cisco is committed to protecting customers by sharing critical security-related information in different formats. Guided by customer feedback, Cisco’s Product Security Incident Response Team (PSIRT) is seeking ways to improve how we communicate information about Cisco product vulnerabilities to our Customers and Partners. As John Stewart mentioned in his blog post, the Cisco PSIRT has launched a […]

September 23, 2015

SECURITY

It’s That Time Again—Announcing the Cisco IOS & XE Software Security Advisory Bundled Publication

Today, we released the last Cisco IOS & XE Software Security Advisory Bundled Publication of 2015. As a reminder, Cisco discloses IOS vulnerabilities on a predictable schedule (the fourth Wednesday of March and September each calendar year). Last cycle, we began including Cisco Security Advisories addressing vulnerabilities in Cisco IOS XE Software in this publication. This change […]