advisories
A Culture of Transparency
Many Cisco customers with an interest in product security are aware of our security advisories and other publications issued by our Product Security Incident Response Team (PSIRT). That awareness is probably more acute than usual following the recent Cisco IOS Software Security Advisory Bundled Publ…
Coordinated Attacks Against the U.S. Government and Banking Infrastructure
Prologue On April 10, 2013, a collective of politically motivated hacktivists announced a round of planned attacks called #OPUSA. These attacks, slated to begin May 7, 2013, are to be launched against U.S.-based targets. #OPUSA is a follow-up to #OPISRAEL, which were a series of attacks carried out…
CVRF: A Penny For Your Thoughts
The Common Vulnerability Reporting Framework (CVRF) is a security automation standard intended to make your life easier by offering a common language to exchange traditional security and vulnerability bulletins, reports, and advisories. You can read more about it on the official ICASI CVRF 1.1 page,…
I Can’t Keep Up with All These Cisco Security Advisories: Do I Have to Upgrade?
“A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?” This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Ci…
Tools of the Trade: cvrfparse
Prologue In this article, you will be provided a thorough treatise on an in-house developed tool for parsing and validating CVRF documents aptly named “cvrfparse”. The article is split into two parts. The first part, intended for CVRF document producers and consumers, is a hands-on manua…