We provide this information to the affected vendors so that they can create patches and protect their customers as soon as possible. We strive to improve the security of our customers with detection content, which protects them while the vendor is creating, testing, and delivering the patch. These patches ultimately remove the vulnerability in question, which increases security not only for our customers but for everyone.
After these patches become available, the Talos detection content becomes public, as well. Talos regularly releases Vulnerability Spotlights and in-depth analyses of vulnerabilities discovered by us. You can find all of the release information via the Talos vulnerability information page here.
The focus of our work is to make sure our customers and their data stay safe. No matter the vulnerability we uncover, we contact and work closely with the software vendor to quickly and responsibly close any attack vectors we find. Our coordinated disclosure policy outlined below ensures the best possible approach to arrive at this goal.
Timeline of actions to be taken by Cisco:
When it comes to closing security vulnerabilities before the bad guys exploit them, our track record proves our dedication to improving the security of our customers as well as the community. In fiscal year 2019, we published 228 advisories resulting in 237 CVEs, in a wide range of software including operating systems, internet-of-things devices, Microsoft ..