Contact Information: Press Contact: John Noh Cisco Systems, Inc. 408 853-8445 Email Contact Industry Analyst Contact: Lisa Caywood Cisco Systems, Inc. 408 853-0242 Email Contact Investor Relations Contact: Liz Lemon Cisco Systems, Inc. 408 527-8452 Email Contact
Cisco Adds Severity Scores to PSIRT Security Advisories
Advisories to Utilize the Common Vulnerability Scoring System
| Source: Cisco Systems
SAN JOSE, CA -- (MARKET WIRE) -- January 3, 2007 -- The Cisco® (NASDAQ : CSCO ) Product Security
Incident Response Team (PSIRT) will include severity scores in every
security advisory that it issues in 2007 and beyond, Cisco announced today.
The inclusion of these scores, which measure the risk levels posed by a
particular vulnerability, or multiple vulnerabilities, is intended to help
Cisco customers better prioritize their software change- and
patch-management projects.
The PSIRT security advisories now include scores using base and temporal
metrics, two of the three groups in the Common Vulnerability Scoring System
(CVSS). The base metric group comprises seven fundamental, immutable
qualities of a vulnerability, such as a system's authentication
requirements. The temporal metric group represents the time-dependent
qualities of a vulnerability, such as its exploitability, and comprises
three components. The third metric group is not included, as it represents
the implementation- and environment-specific qualities of a vulnerability
that can be best determined by the customers themselves.
CVSS is a vendor-agnostic, industry-open standard designed to convey the
common attributes of vulnerabilities in computer hardware and software
systems. CVSS was developed as a cooperative effort between the National
Infrastructure Advisory Council and a number of security industry vendors
and research organizations including Cisco. The Forum of Incident Response
and Security Teams (FIRST) has been designated as the custodian of CVSS to
promote its adoption globally. (See: http://www.first.org/cvss/)
"The decision to include the CVSS base and temporal metrics in our security
advisories is based on direct feedback from our customers requesting that
Cisco provide guidance regarding vulnerabilities to facilitate more
accurate risk assessments and prioritization. Customers can now compute a
score allowing them to set priorities based on the risk to the specific
environment," said Russ Smoak, director of technical support for Cisco
PSIRT. "Over the years, many of PSIRT's policies and processes have been
developed or have evolved through a number of factors, with customer
feedback being one of the more important ones."
About Cisco PSIRT
Cisco's Product Security Incident Response Team (PSIRT) is a dedicated,
global team that manages the receipt, investigation, and public reporting
of security vulnerability-related information, related to Cisco products
and networks. The on-call PSIRT team works 24x7 with Cisco customers,
independent security researchers, consultants, industry organizations, and
other vendors to identify possible security issues with Cisco products and
networks. More information can be found at http://www.cisco.com/go/psirt.
About Cisco Systems
Cisco (NASDAQ : CSCO ) is the worldwide leader in networking that transforms
how people connect, communicate and collaborate. Information about Cisco
can be found at http://www.cisco.com. For ongoing news, please go to
http://newsroom.cisco.com.
Cisco, Cisco Systems, and the Cisco Systems logo are registered trademarks
or trademarks of Cisco Systems, Inc. and/or its affiliates in the United
States and certain other countries. All other trademarks mentioned in this
document are the property of their respective owners. The use of the word
partner does not imply a partnership relationship between Cisco and any
other company. This document is Cisco Public Information.
For direct RSS Feeds of all Cisco news, please visit "News@Cisco" at the
following link:
http://newsroom.cisco.com/dlls/podcasts/rss.html