Ok i have heard different stories on this. At first I heard Trend makes these and is the reason for the licensing in the past few years. Another internal source tells me that cisco has a signature creation group/committee internally that creates these. Whats the skinny? Also, when a know vulnerability is seen out on the internet and a CVE is associated with it, what is the delta in time before this "internal committee" decides to create them as a cisco sig? Can anyone indicate the policy cisco goes through on the decisions and how long this usually takes? Lastly, Cisco sends new sigs all the time, weekly nowadays. In those new sig sets are retired sigs. Why have retired sigs sent in a new sig set ? or are these sigs stricly retiring the old sigs already in the system ? How does cisco decide to retire a sig, what process dloes it go through?