Cisco on March 26 is expected to begin issuing IOS security advisories on the fourth Wednesday of the month in March and September of 
each calendar year, according to a Cisco notice on its Security Advisories page. Cisco says it will still continue to issue individual IOS security advisories for "a serious vulnerability which is publicly disclosed or for which we are aware of active exploitation." Cisco says the current format of IOS security advisories will remain the same, with the software table in each advisory to include a list of recommended releases and fixes. Vulnerabilities affecting the rest of its products will continue to be announced per Cisco standard disclosure policy, the notice reads.
Cisco says the change will provide predictability to its customers, but the long wait between cycles has security bloggers puzzled.
StillSecure blogger Alan Shimmel, writes: "I just feel that twice a year is so infrequent, why bother. If a bug comes to light, lets say in April, I don't want to be waiting for the fourth Wed in September to get the fix and begin testing it. That just does not seem like good business to me."
Another security blogger, Augusto Quadros Paes de Barros writes: "I’m curious about the motives behind this 6 months time; is it because the testing process for cisco products is more complex or they are just less competent than the others on producing patches?"
Recent Cisco IOS blog postings:
Why is Cisco using Linux virtualization and not VMware?
NX-OS - Some Software For all that New Nexus 7000 Hardware
More from Cisco Subnet: * Apple integrates Cisco’s VPN Client into the iPhone * Juniper CTO on Cisco's ASR 1000 router * Cisco's $250K TelePresence vs. a cheaper do-it-yourself option * Fonality PBX pulverizing Cisco HAAS pricing * Apple integrates Cisco’s VPN Client into the iPhone * Why is Cisco using Linux virtualization and not VMware? * Software and security key to Cisco ASR 1000 router series * What changes would you make if Chambers hired you as a consultant? * Coming up: The Chambers & Gore Show * Visit blogger Michael Morris at FutureNet *20 useful sites for Cisco networking professionals Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more. Network World's IT Buyer's Guide: Cisco products Subscribe to Network World's Cisco Alert, which includes a weekly digest of all Cisco Subnet items
The Cisco Subnet blog is the official blog of the Network World Cisco Subnet community, managed by Editor Linda Leung. Cisco Subnet is the independent voice of Cisco customers and is your gateway to daily Cisco news, blogs, opinion, books, prize giveaways and more. Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.
(WAN community)
|
|
