[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sources: Full and Partial Coverage (CNA increase)

On Mon, Jun 25, 2012 at 08:18:36AM +0000, Carsten Eiram wrote:
> If major vendors as well as the Top3/Top5 vulnerability coordination houses 
> are CNAs then we would "automatically" get a solid coverage for at lot of the 
> most interesting sources/products.

I am willing to help reaching out to vendors and evangelize once we agree that
that is what we want. And, for the record, I think that we should. Not only
it provides automagicall coverage of the important products but it also
enables the trickle-down effect. Big vendor pushes things to its supply
chain which will (eventually) result in more vendors becoming CNAs and wider


Damir Rajnovic <psirt@cisco.com>, PSIRT Incident Manager, Cisco Systems
<http://www.cisco.com/go/psirt>      Telephone: +44 7715 546 033
300 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GE, GB
There are no insolvable problems. 
The question is can you accept the solution? 

Incident Response and Product Security

- - - -
Cisco.com - http://www.cisco.com/global/UK

This e-mail may contain confidential and privileged material for the sole 
use of the intended recipient. Any review, use, distribution or disclosure by 
others is strictly prohibited. If you are not the intended recipient (or 
authorized to receive for the recipient), please contact the sender by reply 
e-mail and delete all copies of this message.

Cisco Systems Limited (Company Number: 02558939), is registered in England 
and Wales with its registered office at 1 Callaghan Square, Cardiff, 
South Glamorgan CF10 5BT

For corporate legal information go to:

Page Last Updated or Reviewed: November 06, 2012