vulnerability

April 22, 2013

SECURITY

CVRF: A Penny For Your Thoughts

1 min read

The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page, in my CVRF 1.1 Missing Manual blog series, or in […]

April 2, 2013

SECURITY

I Can’t Keep Up with All These Cisco Security Advisories: Do I Have to Upgrade?

11 min read

"A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?" This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Cisco is committed to protecting customers by sharing critical security-related information in a very transparent way. Even if security vulnerabilities are found internally, the Cisco Product Security Incident Response Team (PSIRT) – which is my team – investigates, drives to resolution, and discloses such vulnerabilities. To quickly answer the first question, don't panic, as you may not have to immediately upgrade your device. However, in this article I will discuss some of the guidelines and best practices for responding to Cisco security vulnerability reports.

March 27, 2013

SECURITY

Today’s the Day: Announcing the Cisco IOS Software Security Advisory Bundle

2 min read

Today, Cisco is celebrating a milestone in its commitment to helping you act on security intelligence—our 10th bundle of Cisco IOS Software Security Advisories. We’re proud of our commitment to these predictable disclosures (on the fourth Wednesday of March and September annually) because they originated as a direct response to your feedback. Bundled publications allow you to plan ahead […]

March 20, 2013

SECURITY

March 2013 Cisco IOS Software Security Advisories: T-7 and Counting!

2 min read

On Wednesday of next week, the Cisco Product Security Incident Response Team (PSIRT) will release the first Cisco IOS Software Security Advisory Bundled Publication of 2013. As a reminder, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our Security Advisories, vulnerabilities scheduled for disclosure in the upcoming bundle will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0.

February 12, 2013

SECURITY

Cisco Security Vulnerability Management Presentation at (ISC)2 New York City

This post highlights a presentation made by the Cisco PSIRT team at the (ISC)2's New York Metro Chapter meeting on the evening of February 13th, 2013. The "Security Vulnerability Handling at Cisco" presentation will cover: Collaboration and coordination of Cisco security teams which manage vulnerability detection, mitigation and disclosure; PSIRT: Mission, Process, Engagement Model; Customer Expectations; Top of our mind; Take home points; Question and Answer. By the end of this presentation, attendees will have a better understanding and perspective of what goes into managing security vulnerabilities related to Cisco products, as well as managing security vulnerabilities in general.

January 3, 2013

SECURITY

Security Assessments: More Than Meets the Eye

5 min read

Is the product safe to use? I have been asked this question on occasion in a non-technical sense and maybe you have too. In a technical context, I could frame the question as “Are the online services and underlying technologies supporting my services safe?”  A continuous effort must go into substantiating the preferable answer (“Yes”) […]