Cisco Security Vulnerability Policy

May 8, 2019

SECURITY

Customers Deserve Transparency to Manage Risk

Our commitment to customers is to be open and transparent, especially as it relates to issues that could negatively impact their business. At Cisco, our leadership made the decision over twenty years ago that we would clearly communicate with customers about technical or other issues that could pote…

June 14, 2018

SECURITY

Cisco’s Process for Fixed Software Release and Vulnerability Disclosure

This blog was collaboratively written by Lou Ronnau, Scott Bradley, and Dan Maunz on the Cisco Customer Assurance Security Programs (CASP) team.  One of Cisco’s guiding principles is to protect the security of our customers’ networks, and our policies related to vulnerabilities in our products and s…

April 28, 2016

SECURITY

The Evolution of Scoring Security Vulnerabilities

The Common Vulnerability Scoring System (CVSS), which is used by many in the industry as a standard way to assess and score security vulnerabilities, is evolving to a new version known as CVSSv3. These changes addressed some of the challenges that existed in CVSSv2; CVSSv3 analyzes the scope of a vu…

December 21, 2015

SECURITY

Update for Customers

Following a recent Juniper security bulletin discussing unauthorized code, we have fielded a number of related questions from our customers. Being trustworthy, transparent, and accountable is core to our team, so we are responding to these questions publicly. First, we have a “no backdoor” policy an…