Cisco scraps biannual advisory due to Japan disaster

The company has scrapped a six-monthly security advisory that was supposed to appear in March, as a result of the earthquake and tsunami in Japan
Written by Ben Woods, Contributor

Cisco has cancelled the March edition of its biannual security advisory update, which informs customers of potential security vulnerabilities, as a result of the disaster in Japan.

The networking equipment company normally reveals details of vulnerabilities affecting its Internetwork Operating System (IOS) platform — used on the majority of Cisco routers and switches — in March and September. However, as a result of the earthquake and subsequent events in Japan, the company said on Thursday that it would "defer" the 23 March update until 28 September in order to allow all customers to react to the security disclosures.

"Cisco has a long-standing policy of disclosing vulnerabilities to customers and the public simultaneously to ensure equal access to patched software," the company said in a statement. "Based on recent events in Japan and eastern Asia, we are sensitive to the fact that customers globally are impacted directly or indirectly by these events and may not be able to respond effectively to the scheduled disclosure event."

Cisco reassured customers that, if it finds evidence of any vulnerabilities being exploited in the wild, it will issue an out-of-cycle advisory.

In November, Cisco warned of six critical vulnerabilities in its videoconferencing code that could lead to a hacker gaining root access to the system, allowing them to harvest passwords and take over the system.

Cisco said in February it will focus on the security of its products to bolster its cloud strategy and facilitate higher employee productivity.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.
Editorial standards