cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2954
Views
24
Helpful
8
Replies

ASK THE EXPERTS - PRODUCT SECURITY INCIDENT RESPONSE TEAM

ciscomoderator
Community Manager
Community Manager

Welcome to the Cisco Networking Professionals Ask the Expert conversation.   This is an opportunity to learn about the Cisco Product Security Incident Response Team (PSIRT) and how it creates and maintains publications for security issues that affect Cisco products with Omar Santos.  Omar is a senior network security engineer and incident manager within the Product Security Incident Response team (PSIRT) at Cisco. He has more than ten years of experience in secure data communications. He has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. Government. Santos has lead several secure data communications implementations with the United States Marine Corps (USMC) and Department of Defense (DoD). He is also the author of many Cisco online technical documents and configuration guidelines and Cisco Press books. Santos graduated with an electrical and computer engineering (ECE) bachelor’s of science degree from Cornell University. He is an active member of the InfraGard organization. InfraGard is a cooperative undertaking between the Federal Bureau of Investigation and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants that is dedicated to increasing the security of the critical infrastructures of the United States of America. Santos has also delivered numerous technical presentations to Cisco partners and other organizations.

Remember to use the rating system to let Omar know if you have received an adequate response.

Omar might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through December 10, 2010. Visit this forum often to view responses to your questions and the questions of other community members.

8 Replies 8

thorton.stevet
Level 1
Level 1

Omar where does PSIRT publish all the security advisories for vulnerabilities in Cisco products?

Thanks

Steve

Hi Steve,

You can find all Cisco product advisories and http://www.cisco.com/go/psirt

I hope it helps.

PK

Hi Steve,

PK is absolutely correct. All Cisco Security Advisories and Responses are published at the following location:

http://www.cisco.com/go/psirt

They are also posted in Cisco's Security Center at:

http://www.cisco.com/security


In addition to web posting, a text version of each security advisory is posted to the following e-mail and Usenet news recipients.

    cust-security-announce@cisco.com
    first-bulletins@lists.first.org
    bugtraq@securityfocus.com
    vulnwatch@vulnwatch.org
    cisco@spot.colorado.edu
    cisco-nsp@puck.nether.net
    full-disclosure@lists.grok.org.uk
    comp.dcom.sys.cisco@newsgate.cisco.com

Hope this answers your question.

Best regards,

Omar Santos
Cisco PSIRT

j.miller_32
Level 1
Level 1

Omar,

What is really the difference between a security advisory and a security response? Thanks.

cscStage J Millers personalized signature

Hello,

Cisco Security Advisories are published for significant security issues that directly involve Cisco products and require an upgrade, fix, or other customer action.

Cisco Security Responses are published to address less severe problems that affect network security or issues that require a response to information posted to a public discussion forum. They are normally published if a third party makes a public statement about a Cisco product vulnerability that Cisco has previously addressed through our standard disclosure process or when the nature of the issue does not warrant the visibility of a Cisco Security Advisory.

Note: These documents were previously referred to as Security Notices.

One thing to add/highlight is that Security Advisories and Security Responses are not the only documents that Cisco publishes to address security events. Cisco provides these additional types of security-related publications (all documents are available on the Security Intelligence Operations portal on Cisco.com/security).

Cisco Event Responses provide information about security events that have the potential for widespread impact on customer networks, applications, and devices. Cisco Event Responses contain summary information, threat analysis, and mitigation techniques that feature Cisco products.

Cisco Threat Outbreak Alerts cover the latest data regarding malicious e-mail-based and web-based threats, including spam, phishing, viruses, malware, and botnet activity. These alerts do not relate to Cisco products but are provided for the benefit of Cisco customers and others.

Release Note Enclosures All Cisco bug IDs that are disclosed by Cisco are available for registered customers to view in the Cisco Bug Toolkit.

If a Cisco Security Advisory references a bug, the bug entry in the Cisco Bug Toolkit will link to the relevant Cisco Security Advisory.

These are also documented in our security vulnerability policy located at the following link:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Best regards,

Omar Santos

Cisco PSIRT

steve_vanburen
Level 1
Level 1

Omar

In all your security advisories I see the reference to CVSS scoring, what is that and where can I get more information about it? Thanks.



Hi Steve,

CVSS is a vendor-neutral vulnerability scoring system designed to provide an open and  standardized method for calculating the risk of security vulnerabilities. Every time we (PSIRT) publish a security advisory the Base and Temporal CVSS scores are included to help customers determine the urgency and priority of response.

An FAQ that may allow to answer additional questions regarding CVSS is posted at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

We also have a CVSS calculator to help compute the environmental impact for individual networks at

http://intellishield.cisco.com/security/alertmanager/cvss

Hope this helps.

Regards,

Omar Santos

Cisco PSIRT

Lukas Runge
Level 1
Level 1

Little help with PSIRT openVuln API needed

Hello! 

To say this upfront: I am a newbie in API development. Anyway, I had this cool idea of automising our vulnerability management / documentation. 

I have already read the API reference, but can't find what I need: Similar to the Cisco Software Checker, I want to evaluate which of our software versions are affected by specific vulnerabilities.

My Idea was to make API calls by either handing over CVE ID or BugID and getting back the affected software versions or handing over a software version (like in Cisco Software Checker) and receiving all CVE IDs or BugIDs the refered software version is affected by. Preferably with the first fixed software version.

From what I see in the API reference I can't find a way to do that since I can't find the missing lin in between software version and CVE ID/ BugID.

Can you please help me out here?

Thanks,
Lukas Thassilo

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: