Reporting Security Problems In Cisco Products - Cisco Catalyst 3020 Getting Started Manual

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release
them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a
vulnerability in a Cisco product, contact PSIRT:
• For Emergencies only — security-alert@cisco.com
An emergency is either a condition in which a system is under active attack or a condition for
which a severe and urgent security vulnerability should be reported. All other conditions are
considered nonemergencies.
• For Nonemergencies — psirt@cisco.com
In an emergency, you can also reach PSIRT by telephone:
• 1 877 228-7302
• 1 408 525-6532
We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example,
Tip
GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with
information that has been encrypted with PGP versions 2.x through 9.x.
Never use a revoked or an expired encryption key. The correct public key to use in your
correspondence with PSIRT is the one linked in the Contact Summary section of the Security
Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
The link on this page has the current PGP key ID in use.
If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone
numbers before sending any sensitive material to find other means of encrypting the data.
27