It's that time of year again, folks. On Wednesday of next week, the Cisco Product Security Incident Response Team (PSIRT) will release the first Cisco IOS Software Security Advisory Bundled Publication of 2013. As a reminder, Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our security advisories, vulnerabilities scheduled for disclosure in the upcoming bundle will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0.
The exceptions to this general guideline, those Cisco Security Advisories that address vulnerabilities below 7.0, are rare and demonstrate how Cisco may look to raise visibility of certain critical issues that affect customers; for example, cisco-sa-20100827-bgp covered a Border Gateway Protocol (BGP) vulnerability with a CVSS Base Score of 5.0. It is also possible, but unlikely, that our PSIRT will release Cisco IOS Software Security Advisories outside the bundle schedule when they've determined that elevated customer risk is present.
Vulnerabilities in Cisco IOS Software and other Cisco products that score lower than 7.0 are not subject to the bundle schedule and will be disclosed through additional disclosure document types throughout the year. Please refer to the Cisco Security Vulnerability Policy for additional information.
Last year, my colleague Tim Sammut spoke about the variety of tools that allow interested parties to stay up to date with our advisories as they're released. As March 27, 2013 approaches, I'd like to share some tips to help prepare for the upcoming release. The simplest tasks are often the most overlooked and troublesome:
Are there other steps you take to prepare for our Cisco IOS Software Security Advisories? As the project manager responsible for the management and delivery of these bundled disclosures, I'm interested in hearing your thoughts and feedback. Post your thoughts in the comments!