[c-nsp] Prepare for router Wednesday
Clay Seaman-Kossmey
ckossmey at cisco.com
Sat Mar 15 12:50:24 EDT 2008
Hi -
On Mar 12, 2008, at 3:30 AM, Gert Doering wrote:
>
> Personally, I think there is no way besides "do not code security
> holes"
> to make everybody happy - and I'm fine with the proposed schema.
> Provided
> the mechanism "knowledge appears in the wild -> immediate release"
> works.
>
FWIW, we actually had an event exactly like this happen on Thursday.
The 'Cisco Secure Access Control Server for Windows User-Changeable
Password Vulnerabilities' Advisory we published then was not scheduled
to go out until April 9th. Due to some information about the
vulnerability being published, we went ahead and started our Advisory
publishing process.
In this case it took less than 4 hours for us to publish our Advisory
(and the accompanying AMB document) from the time we were aware of the
disclosure.
The same process applies to IOS advisories as well, as it always has.
Regards,
Clay
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany gert at greenie.muc.de
> fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20080315/8bfac0af/attachment.bin
More information about the cisco-nsp
mailing list