Cisco: Introducing a New Addition to Cisco’s Security Impact Rating
The Cisco Product Security Incident Response Team (PSIRT) is committed to protecting customers by sharing security-related information in a timely manner and in different formats. Although some of the information that we receive may not relate to a specific vulnerability or issue in a Cisco product, the information may be valuable to our customers. For this reason, PSIRT is introducing a new Security Impact Rating (SIR) for Cisco Security Advisories: Informational.
The Informational rating gives PSIRT the flexibility to provide important security information that may not fit into the traditional Critical, High, Medium, and Low range of SIR values for our security advisories. In advisories that have an Informational SIR, we’ll cover topics such as:
- Information discussed in a public forum
- Configuration suggestions
- General, proactive security outreach
The format of these advisories will be the same as any other type of Cisco Security Advisory. The following figure shows an example of a Cisco Security Advisory that has an Informational SIR:
The key differences from other advisories are the color and text in the advisory badge and the possible absence of Cisco bug IDs, a CVE ID, a CWE ID, and CVSS scores. These differences follow from the nature of the Informational advisory: unlike advisories with other SIR values, Informational advisories are likely to discuss potential issues rather than proven vulnerabilities or vulnerabilities that affect Cisco products. To learn how the new Informational SIR value compares to existing SIR values, see the Assessing Security Risk section of the Cisco Security Vulnerability Policy.
Via the fine folks at Cisco Systems.