Chapter 11. Security Vulnerability Handling by Vendors

This chapter covers the process of handling security vulnerabilities. Although this description is strongly influenced by an existing process used by Cisco, this text is not an exact description of the process used by Cisco. This chapter deviates from Cisco practice in places and introduces new elements. The purpose of this chapter is to describe a general vulnerability handling process that many vendors can adopt, rather than to describe the process of a single vendor in detail.

Known Unknowns

It was Mr. Donald Rumsfeld who used the phrase “known unknowns,” and we will have to borrow it here. A certain degree of subjectivity is involved in handling security vulnerabilities. ...
