The Cisco PSIRT has been sending IOS Security Advisories to the NANOG mailing list for well over a decade. We started this process a long time ago at the request of the list’s then-membership and haven’t been asked to change since.
Admittedly, vulnerability disclosure/discussion/reporting has changed a bit over the years and we may be a bit overdue on rethinking the need to send to NANOG.
Given that there are a number of forums that more directly address either Cisco-specific issues or are specific to vulnerability announcements, we’re happy to discontinue sending to the NANOG list directly.
Cisco maintains a mailing list and RSS feed to which we send our Security Advisories, and you’re welcome to join if interested:
Given that probably 80+% (a guess, but I'd be really surprised at a lower
figure) of all internet traffic crosses at least one Cisco device somewhere,
I think it would be a huge disservice to discontinue sending these emails.
10 to 15 emails per year isn't much overhead, compared to seemingly
never-discussions on mandatory email legal signatures and other fluff.
Actually, the *real* value here is for those of us who are *not* Cisco
shops, but the box at the other end of the wire *is*, so that we can be
aware of what possible problems the other end may encounter....
Its true this information is also available in other forums, but I don't have time to filter thru all of those. I *do* have time for nanog, however, because of the good cross section represented here and because it's worthwhile to be aware of what may be happening in other people's camps, because very frequently problems on one side of the wire can spill over and affect the other side as well. I think the advisories are highly relevent then and absolutely should be included here on nanog.
The Cisco PSIRT has been sending IOS Security Advisories to the NANOG mailing list for well over a decade. We started this process a long time ago at the request of the list’s then-membership and haven’t been asked to change since.
Admittedly, vulnerability disclosure/discussion/reporting has changed a bit over the years and we may be a bit overdue on rethinking the need to send to NANOG.
Given that there are a number of forums that more directly address either Cisco-specific issues or are specific to vulnerability announcements, we’re happy to discontinue sending to the NANOG list directly.
Cisco maintains a mailing list and RSS feed to which we send our Security Advisories, and you’re welcome to join if interested:
