Cisco Security Advisory

Robert Drake rdrake at direcpath.com
Sat Mar 29 00:20:24 UTC 2014


On 3/28/2014 4:11 PM, Scott Weeks wrote:
> If a person is on multiple *NOG mailing lists a lot of these're
> received.  For example, I got well over 30 of them this round.  It'd be
> nice to get something brief like this:
>
>
> ----------------------------------------------
> The Semiannual Cisco IOS Software Security Advisory has been released.
>
> For information please go to this URL:
> http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html
>
> Advisory titles:
> - Session Initiation Protocol Denial of Service Vulnerability
> - Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability
> - Internet Key Exchange Version 2 Denial of Service Vulnerability
> - Network Address Translation Vulnerabilities
> - SSL VPN Denial of Service Vulnerability
> - Crafted IPv6 Packet Denial of Service Vulnerability
> -----------------------------------------------
>
> Not everyone uses Cisco and not everyone needs to see every vulnerability
> detail email multiple times.  Imagine if all vendors started doing what
> Cisco is doing.

I hate that it's spam for some and relevant for others, but in the NSP
world you can almost be certain that someone is going to have at least
some Cisco equipment (even companies who are known to dislike Cisco
enough to avoid them religiously have bought other companies who might
have Cisco gear).

Having the vulnerability in the subject draws attention to the problems
and makes people less likely to ignore it.  When I see keywords of
technologies I'm using, like IPv6 or 6500, I tend to read through
carefully to see if I'm vulnerable.  Because it can be difficult and
time-consuming to see if all your gear is vulnerable, if it's a bug in
<obscure card I didn't buy one of> or <weird technology I haven't had a
chance to run> then I'm not as diligent.  I guess I might be selfish
because seeing 5 advisories at once is like a giant line break in NANOG
discussions, so it's harder to tune it out and skip the emails :)

They could Bcc: all the lists they are sending to in one set of emails 
so the message-id is the same, then you could filter duplicates at 
least.  Or they could do the summary email like you guys want, whichever 
makes people happy.  :)


> :-(
>
> scott
>

:-(
Robert



