[c-nsp] Vulnerable Software - search function?

chris at lavin-llc.com chris at lavin-llc.com
Sun Sep 13 13:06:34 EDT 2009


On Sun Sep 13  9:44 , ML  sent:

>Use BugTraq
>
>
>
>I'd settle for a more accurate BugTraq search.  BugTraq seems to always 
>return results for bugs that don't effect my hardware/IOS combination. 
>Assuming that platforms listed as effected are even accurate.
>
>-ML
>
>Garry wrote:
>> I was wondering ... has Cisco ever had the idea of creating something
>> like the FN just for security advisories? I.e., I post the name of an
>> IOS image and get a list of known problems of that relase (or an "OK" if
>> none are known to date)?
>> 
>> After all, while we do have a pretty detailed overview of IOS releases
>> used on backbone/border/cpe devices, it is a pretty big zoo of versions
>> ... sure, we keep a close eye on advisories as far as our border/core
>> routers are concerned ... but one can't watch out for everything ..  :(
>> 
>> -garry


I'm not a fan of the bug tool kit either. When analyzing 2 or 3 possible version yeilds 4,000+ hits per version it becomes an excercise in camping out 
for several days of reading. 

But what really aggrevates me is when you speak of these frustrations to the account team they try to sell you Advanced Services. It seems to me there 
is something fundamentally flawed when I have to pay an extra (and extremely high) price to have a Cisco AS person scrub their code versions for 
me. "Buy our gear and then pay us more to find a version of code to fit your needs".

-chris


More information about the cisco-nsp mailing list