Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability
Hi All -
The Cisco PSIRT has been sending IOS Security Advisories to the NANOG mailing list for well over a decade. We started this process a long time ago at the request of the list’s then-membership and haven’t been asked to change since.
Admittedly, vulnerability disclosure/discussion/reporting has changed a bit over the years and we may be a bit overdue on rethinking the need to send to NANOG. :)
Given that there are a number of forums that more directly address either Cisco-specific issues or are specific to vulnerability announcements, we’re happy to discontinue sending to the NANOG list directly.
Cisco maintains a mailing list and RSS feed to which we send our Security Advisories, and you’re welcome to join if interested:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy....
Thanks,
Clay
Given that probably 80+% (a guess, but I'd be really surprised at a lower figure) of all internet traffic crosses at least one Cisco device somewhere, I think it would be a huge disservice to discontinue sending these emails. 10 to 15 emails per year isn't much overhead, compared to seemingly never-discussions on mandatory email legal signatures and other fluff.
Chuck
-----Original Message-----
From: Clay Kossmeyer [mailto:ckossmey@cisco.com]
Sent: Tuesday, April 01, 2014 2:44 PM
To: nanog@nanog.org
Cc: Clay Seaman-Kossmeyer (ckossmey)
Subject: Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability
Hi All -
The Cisco PSIRT has been sending IOS Security Advisories to the NANOG mailing list for well over a decade. We started this process a long time ago at the request of the list's then-membership and haven't been asked to change since.
Admittedly, vulnerability disclosure/discussion/reporting has changed a bit over the years and we may be a bit overdue on rethinking the need to send to NANOG. :)
Given that there are a number of forums that more directly address either Cisco-specific issues or are specific to vulnerability announcements, we're happy to discontinue sending to the NANOG list directly.
Cisco maintains a mailing list and RSS feed to which we send our Security Advisories, and you're welcome to join if interested:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html#rsvifc
Thanks,
Clay
On Tue, 01 Apr 2014 15:24:32 -0400, "Chuck Church" said:
Given that probably 80+% (a guess, but I'd be really surprised at a lower figure) of all internet traffic crosses at least one Cisco device somewhere, I think it would be a huge disservice to discontinue sending these emails.
Actually, the *real* value here is for those of us who are *not* Cisco shops, but the box at the other end of the wire *is*, so that we can be aware of what possible problems the other end may encounter....
On 04/01/2014 11:44 AM, Clay Kossmeyer wrote:
Hi All -
The Cisco PSIRT has been sending IOS Security Advisories to the NANOG mailing list for well over a decade. We started this process a long time ago at the request of the list’s then-membership and haven’t been asked to change since.
Admittedly, vulnerability disclosure/discussion/reporting has changed a bit over the years and we may be a bit overdue on rethinking the need to send to NANOG. :)
Given that there are a number of forums that more directly address either Cisco-specific issues or are specific to vulnerability announcements, we’re happy to discontinue sending to the NANOG list directly.
Cisco maintains a mailing list and RSS feed to which we send our Security Advisories, and you’re welcome to join if interested:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy....
It's true this information is also available in other forums, but I don't have time to filter thru all of those. I *do* have time for nanog, however, because of the good cross section represented here and because it's worthwhile to be aware of what may be happening in other people's camps, because very frequently problems on one side of the wire can spill over and affect the other side as well. I think the advisories are highly relevant then and absolutely should be included here on nanog. Thanks.
From: Clay Kossmeyer <ckossmey@cisco.com>
To: nanog@nanog.org
Cc: Clay Seaman-Kossmeyer (ckossmey) <ckossmey@cisco.com>
Sent: Tuesday, April 1, 2014 11:44 AM
Subject: Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability
Hi All -
The Cisco PSIRT has been sending IOS Security Advisories to the NANOG mailing list for well over a decade. We started this process a long time ago at the request of the list’s then-membership and haven’t been asked to change since.
Admittedly, vulnerability disclosure/discussion/reporting has changed a bit over the years and we may be a bit overdue on rethinking the need to send to NANOG. :)
Given that there are a number of forums that more directly address either Cisco-specific issues or are specific to vulnerability announcements, we’re happy to discontinue sending to the NANOG list directly.
Cisco maintains a mailing list and RSS feed to which we send our Security Advisories, and you’re welcome to join if interested:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy....
Thanks,
Clay
Touche'! ....such is NANOG...a few who post more frequently than most like to umm... Speak-UP.
./Randy
participants (5)
- Chuck Church
- Clay Kossmeyer
- Mike
- Randy
- Valdis.Kletnieks@vt.edu