This discussion is locked

ASK THE EXPERTS - PRODUCT SECURITY INCIDENT RESPONSE TEAM

Unanswered Question
Nov 29th, 2010

Welcome to the Cisco Networking Professionals Ask the Expert conversation.   This is an opportunity to learn about the Cisco Product Security Incident Response Team (PSIRT) and how it creates and maintains publications for security issues that affect Cisco products with Omar Santos.  Omar is a senior network security engineer and incident manager within the Product Security Incident Response team (PSIRT) at Cisco. He has more than ten years of experience in secure data communications. He has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. Government. Santos has lead several secure data communications implementations with the United States Marine Corps (USMC) and Department of Defense (DoD). He is also the author of many Cisco online technical documents and configuration guidelines and Cisco Press books. Santos graduated with an electrical and computer engineering (ECE) bachelor’s of science degree from Cornell University. He is an active member of the InfraGard organization. InfraGard is a cooperative undertaking between the Federal Bureau of Investigation and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants that is dedicated to increasing the security of the critical infrastructures of the United States of America. Santos has also delivered numerous technical presentations to Cisco partners and other organizations.

Remember to use the rating system to let Omar know if you have received an adequate response.

Omar might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through December 10, 2010. Visit this forum often to view responses to your questions and the questions of other community members.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 4.8 (5 ratings)
thorton.stevet Mon, 11/29/2010 - 11:38

Omar where does PSIRT publish all the security advisories for vulnerabilities in Cisco products?

Thanks

Steve

Omar Santos Mon, 11/29/2010 - 13:41

Hi Steve,

PK is absolutely correct. All Cisco Security Advisories and Responses are published at the following location:

http://www.cisco.com/go/psirt

They are also posted in Cisco's Security Center at:

http://www.cisco.com/security


In addition to web posting, a text version of each security advisory is posted to the following e-mail and Usenet news recipients.

    cust-security-announce@cisco.com
    first-bulletins@lists.first.org
    bugtraq@securityfocus.com
    vulnwatch@vulnwatch.org
    cisco@spot.colorado.edu
    cisco-nsp@puck.nether.net
    full-disclosure@lists.grok.org.uk
    comp.dcom.sys.cisco@newsgate.cisco.com

Hope this answers your question.

Best regards,

Omar Santos
Cisco PSIRT

j.miller_32 Fri, 12/03/2010 - 16:57

Omar,

What is really the difference between a security advisory and a security response? Thanks.

Omar Santos Fri, 12/03/2010 - 17:05

Hello,

Cisco Security Advisories are published for significant security issues that directly involve Cisco products and require an upgrade, fix, or other customer action.

Cisco Security Responses are published to address less severe problems that affect network security or issues that require a response to information posted to a public discussion forum. They are normally published if a third party makes a public statement about a Cisco product vulnerability that Cisco has previously addressed through our standard disclosure process or when the nature of the issue does not warrant the visibility of a Cisco Security Advisory.

Note: These documents were previously referred to as Security Notices.

One thing to add/highlight is that Security Advisories and Security Responses are not the only documents that Cisco publishes to address security events. Cisco provides these additional types of security-related publications (all documents are available on the Security Intelligence Operations portal on Cisco.com/security).

Cisco Event Responses provide information about security events that have the potential for widespread impact on customer networks, applications, and devices. Cisco Event Responses contain summary information, threat analysis, and mitigation techniques that feature Cisco products.

Cisco Threat Outbreak Alerts cover the latest data regarding malicious e-mail-based and web-based threats, including spam, phishing, viruses, malware, and botnet activity. These alerts do not relate to Cisco products but are provided for the benefit of Cisco customers and others.

Release Note Enclosures All Cisco bug IDs that are disclosed by Cisco are available for registered customers to view in the Cisco Bug Toolkit.

If a Cisco Security Advisory references a bug, the bug entry in the Cisco Bug Toolkit will link to the relevant Cisco Security Advisory.

These are also documented in our security vulnerability policy located at the following link:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Best regards,

Omar Santos

Cisco PSIRT

steve_vanburen Mon, 12/06/2010 - 12:02

Omar

In all your security advisories I see the reference to CVSS scoring, what is that and where can I get more information about it? Thanks.



Omar Santos Mon, 12/06/2010 - 13:49

Hi Steve,

CVSS is a vendor-neutral vulnerability scoring system designed to provide an open and  standardized method for calculating the risk of security vulnerabilities. Every time we (PSIRT) publish a security advisory the Base and Temporal CVSS scores are included to help customers determine the urgency and priority of response.

An FAQ that may allow to answer additional questions regarding CVSS is posted at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

We also have a CVSS calculator to help compute the environmental impact for individual networks at

http://intellishield.cisco.com/security/alertmanager/cvss

Hope this helps.

Regards,

Omar Santos

Cisco PSIRT

Actions

Login or Register to take actions

This Discussion

Posted November 29, 2010 at 7:30 AM
Stats:
Replies:7 Avg. Rating:4.8
Views:1427 Votes:0
Shares:0

Related Content

Discussions Leaderboard