The Need for a Strong CVE Program

The Need for a Strong CVE Program

The Common Vulnerabilities and Exposures (CVE) program has long served as the foundation for standardized vulnerability disclosure and management, enabling effective communication and remediation strategies across the industry. As the cybersecurity community grapples with a potential lapse in the stewardship of the CVE program, organizations worldwide could face challenges in maintaining consistent vulnerability identification and tracking, especially in open-source software. Cisco’s Commitment to Transparent Vulnerability Disclosure Cisco is committed to transparency and vulnerability disclosure practices…

Read More

Labels for Consumer IoT Devices? Cisco’s View

Labels for Consumer IoT Devices? Cisco’s View

In its August 10, 2023, Notice of Proposed Rulemaking (NPRM) on Cybersecurity Labeling for Internet of Things (IoT), the Federal Communications Commission (FCC) asked some intriguing questions about how to improve consumer confidence and understanding of the security of IoT devices. The NPRM seeks input on whether and how the FCC should establish a cybersecurity certification and labeling program. According to the NPRM, more than 25 billion connected IoT devices are predicted to be in…

Read More