The Cisco PSIRT supports encrypted messages via PGP/GNU Privacy Guard (GPG). Ongoing status on reported issues will be determined as needed.Ĭisco encourages the encryption of sensitive information that is sent to Cisco in email messages. Nonemergency requests that are received via email are typically acknowledged within 48 hours. Please contact the Cisco PSIRT using one of the following methods.
The minimal data needed for reporting a security issue is a description of the potential vulnerability. Cisco welcomes reports from independent researchers, industry organizations, vendors, customers, and other sources concerned with product or network security. Individuals or organizations that are experiencing a product security issue are strongly encouraged to contact the Cisco PSIRT. Reporting or Obtaining Support for a Suspected Security Vulnerability The on-call Cisco PSIRT works 24 hours a day with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security vulnerabilities and issues with Cisco products and networks. The Cisco PSIRT adheres to ISO/IEC 29147:2014. Cisco defines a security vulnerability as an unintended weakness in a product that could allow an attacker to compromise the integrity, availability, or confidentiality of the product. The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Cisco products and networks. The Cisco Product Security Incident Response Team (PSIRT) is responsible for responding to Cisco product security incidents. This policy must clearly state how Cisco addresses reported security vulnerabilities in Cisco products and services, including the timeline, actions, and responsibilities that apply equally to all customers. It is essential to ensure that Cisco customers have a consistent, unambiguous resource to help them understand how Cisco responds to events of this nature.
This policy was created for customer guidance and information in the event of a reported vulnerability in a Cisco product or service.