Cisco Product Security Incident Response Team Protection. Security. Transparency. The Cisco Product Security Incident Response Team (PSIRT) is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. PSIRT investigates vulnerabilities across the entire Cisco product portfolio. Over 20 years of experience helping to alert customers about vulnerabilities in Cisco products The single entity authorized within Cisco to disclose vulnerability information to customers Global team of incident managers providing 24/7 support ISO 29147 compliant PSIRT is notified of a security incident PSIRT prioritizes and identifies resources PSIRT coordinates product impact assessment and fixes Customers and the public are notified simultaneously INCIDENT HANDLING PROCESS Cisco proprietary code Third-party software components 011011011 110010101 001001100
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Cisco Product Security Incident Response TeamProtection. Security. Transparency.
The Cisco Product Security Incident Response Team (PSIRT) is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks.
PSIRT investigates vulnerabilities across the entire Cisco product portfolio.
Over 20 years of experience helping to alert customers about vulnerabilities in Cisco products
The single entity authorized within Cisco to disclose vulnerability information to customers
Global team of incident managers providing 24/7 support
ISO 29147 compliant
PSIRT is notified of a security incident
PSIRT prioritizes and identifies resources
PSIRT coordinates product impact assessment and fixes
Customers and the public are notified simultaneously
INCIDENT HANDLING PROCESS
Cisco proprietary code
Third-party software components
011011011110010101001001100
BENEFITS
Industry standard – Use standard rules, policies, and scoring systems
Consistency – Apply the same process across the portfolio, even as the product line grows
Best in class service – Provide dedicated support for product security and network protection
Speed – Quickly assign CVEs for security vulnerabilities
Collaboration – Work with product teams across Cisco and third parties
Transparency – Deliver security advisories to the public
» How to report or obtain support for asuspected security vulnerability
» Details on the incident response process
» Communications and disclosure plans
Cisco Common Vulnerabilities and Exposures (CVE) assignments that have been released in Cisco Security Advisories during the past five years.
POLICYPSIRT investigates all reports, regardless of the Cisco software release, through the last day of support for a given product.
Issues are prioritized based on the potential severity of the vulnerability and other environmental factors. Ultimately, the resolution of a reported incident may require upgrades to products that are under active support from Cisco. Review Cisco’s Security Vulnerability Policy to learn about:
Receiving Security Vulnerability Information from CiscoThere are several ways to stay connected and receive the latest security vulnerability information from Cisco.
Cisco Security: cisco.com/securityContact PSIRT: [email protected] feeds: http://tools.cisco.com/security/center/rss.x?i=44Cisco Notification Service: https://www.cisco.com/cisco/support/notifications.htmlCisco PSIRT openVuln API: https://developer.cisco.com/site/PSIRT/
© 2018 Cisco and/or its affiliates. All rights reserved.
600
500
400
300
200
100
02013 2014 2015 2016 2017
Cisco CVE Assignments
Related Documents
