[170587] in North American Network Operators' Group
RE: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of
daemon@ATHENA.MIT.EDU (Chuck Church)
Tue Apr 1 15:25:13 2014
From: "Chuck Church" <chuckchurch@gmail.com>
To: "'Clay Kossmeyer'" <ckossmey@cisco.com>,
<nanog@nanog.org>
In-Reply-To: <73355C63-5D7F-420E-87FC-C3B7BFE9D199@cisco.com>
Date: Tue, 1 Apr 2014 15:24:32 -0400
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Given that probably 80+% (a guess, but I'd be really surprised at a lower
figure) of all internet traffic crosses at least one Cisco device somewhere,
I think it would be a huge disservice to discontinue sending these emails.
10 to 15 emails per year isn't much overhead, compared to seemingly
never-discussions on mandatory email legal signatures and other fluff.
Chuck
-----Original Message-----
From: Clay Kossmeyer [mailto:ckossmey@cisco.com]
Sent: Tuesday, April 01, 2014 2:44 PM
To: nanog@nanog.org
Cc: Clay Seaman-Kossmeyer (ckossmey)
Subject: Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of
Service Vulnerability
Hi All -
The Cisco PSIRT has been sending IOS Security Advisories to the NANOG
mailing list for well over a decade. We started this process a long time
ago at the request of the list's then-membership and haven't been asked to
change since.
Admittedly, vulnerability disclosure/discussion/reporting has changed a bit
over the years and we may be a bit overdue on rethinking the need to send to
NANOG. :)
Given that there are a number of forums that more directly address either
Cisco-specific issues or are specific to vulnerability announcements, we're
happy to discontinue sending to the NANOG list directly.
Cisco maintains a mailing list and RSS feed to which we send our Security
Advisories, and you're welcome to join if interested:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.
html#rsvifc
Thanks,
Clay
