[c-nsp] Visible bug IDs and Cisco service requests
Ted Mittelstaedt
tedm at toybox.placo.com
Wed Jun 29 02:12:04 EDT 2005
>-----Original Message-----
>From: cisco-nsp-bounces at puck.nether.net
>[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Clinton Work
>Sent: Tuesday, June 28, 2005 3:34 PM
>To: cisco-nsp at puck.nether.net
>Subject: [c-nsp] Visible bug IDs and Cisco service requests
>
>
>
>I have a case open for a 7206/NPE-G1 that crashed and the issue
>has been
>traced to bug CSCdz80661. I asked the case engineer to make the
>bug visible
>in the bug tool, but he has refused. Shouldn't customer encountered bugs
>be make visible on the CCO?
>
Clinton,
This is a moral issue that Cisco has been grappling with for a long
time now. The problems are;
1) Showing bugs that customers haven't found can be used as ammo by
competitors. Bad for Cisco, Good for customers.
2) Showing bugs can puncture egos at Cisco. Bad for Cisco,
neutral for customers.
3) Showing bugs can undercut marketing campaigns by Cisco. Bad for
Cisco, neutral for customers
4) Showing bugs can make some customers change purchasing decisions
since the features they need don't work right. Bad for Cisco, Good
for customers.
5) Showing bugs can reveal vulnerabilities that crackers can exploit.
Bad for Cisco and Bad for customers.
So you see it isn't black and white. How would you feel if you bought
a new router that was supposed to do some particular task and it didn't
because of a bug? Conversly, how would you feel if someone broke into
one of your routers after reading about a bug on CCO and writing an
exploit for it?
Ted
More information about the cisco-nsp
mailing list