Feeds

Cisco hops onto patching treadmill

Network giant wheels out bi-annual IOS update cycle

Top 5 reasons to deploy VMware with Tegile

Cisco has taken a leaf out of Microsoft's book by adopting a regular patch release cycle. However, the change will apply only to security bugs involving its core IOS software and not all its products.

Starting on 26 March, Cisco will release bundles of IOS security advisories on the fourth Wednesday of March and September in each calendar year.

The networking giant gave itself room for manoeuvre by reserving the right to publish out of sequence patches in cases where serious security vulnerabilities are publically disclosed or for bugs which become the target of active exploitation.

Cisco will continue to issue security advisories for products other than IOS, its network operating system that features on a wide range of Cisco switches and routers, as and when needed. For example, future security updates to VoIP kit will be published without reference to any regular patch release schedule, according to Cisco's pre-existing standard disclosure policy.

As with Microsoft and Oracle before it, Cisco explained the change is the result of customer requests for greater predictability over the timing of patch releases. Its patch cycle is less frequent than Oracle's quarterly release schedule and Microsoft's infamous Patch Tuesday updates, partly because network security updates are often trickier to test and roll out than application or operating system patches.

The format of Cisco's advisory will remain unchanged, as explained here. ®

Internet Security Threat Report 2014

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.