|| Obtaining Information on Security Issues Related to
SISCO is committed to providing products that are secure, robust, and cost-effective. This web page is provided as a service to our customers and their users to enable them to obtain information about known security vulnerabilities that may exist in SISCO's products.
Existing CustomersReporting Security Issues Related to SISCO's Products
If you are an existing SISCO customer with an active support and maintenance contract you can already log into the SISCO download center and obtain detailed release notes on the products you have licensed. If you need security related information on any other SISCO products please contact our technical support staff and they will be glad to help you.
If you are a previous customer that had licensed a SISCO software product in the past, either directly, through a value added reseller (VAR), or via a system integrator; but you do not have a current support and maintenance contract, you can still obtain information about known security issues related to the SISCO products that you have by making a request via the following procedure:
SISCO will only use this information to confirm the validity of the license and will only retain this information to keep accurate records of your valid license here at SISCO. Your information will never be shared with any third party without your consent.
End Users of Embedded Products
If you are an end user that has obtained a license to a SISCO software product through an independent software vendor (ISV) that has embedded SISCO software into a product that you purchased from that ISV, it is recommended that you contact the ISV directly for all security related information. Most ISVs use SISCO software in the development process of their own products or include other non-SISCO software components in their product deliverables. In both of these cases this will have a significant impact on the applicability of a given security issue in SISCO's software to your own installation. Only your ISV will be able to advise you as to the applicability of a given security vulnerability to your specific circumstances. SISCO is not able to help you make this determination.
IT IS CRITICAL THAT ALL END USERS OF EMBEDDED PRODUCTS CONTACT THE ISV DIRECTLY TO DETERMINE THE IMPACT OF APPLYING ANY UPDATES TO YOUR SYSTEMS BEFORE APPLYING SUCH UPDATES. Only your ISV will be able to advise you regarding the compatibility of updates that SISCO can provide with the specific configuration of your system.
End users of a software product that contains a license to a SISCO software product embedded by an ISV can obtain security related information on the SISCO products that they have obtained from the ISV by making a request via the following procedure.
SISCO will only use this information to
the validity of the license and will only retain this information to
keep accurate records of your valid license here at SISCO. Your
information will never be shared with any third party without your
consent. SISCO may need to contact your ISV. Please indicate in your
request if you DO NOT wish SISCO to discuss your inquiry with the ISV.
SISCO is committed to a process of continuous improvement on our products. SISCO is very interested in all feedback from customers, users, and security researchers with information on usability, bugs, vulnerabilities, and suggestions for improvements. For best service all existing customers should report any technical support issues, whether they are security related or not, via SISCO's technical support contact. If you have non-security related feedback regarding SISCO's products you can do this via SISCO's technical support contact or by sending an email to SISCO's general information email address.
If you need to report a security vulnerability please follow the following procedure:
If you do not get
acknowledgement within 2 business days of sending a report please
contact us again. If you have difficulties reaching us via email or fax
please phone the operator at: +1-586-254-0020. If you are not receiving
any acknowledgement from SISCO it means that we did not receive your
report. We prefer that you use email or fax to submit the actual
reports and use the phone only for coordination and confirmation.
Although SISCO may take action, SISCO will not ackowledge reports
received from anonymous, pseudonymous, or other unidentifiable sources.
What is a Security Issue or Vulnerability?
While there might be some disagreement among reasonable people as to the difference between a security vulnerability and a "normal" software bug, SISCO is interested in receiving reports of bugs and vulnerabilities regardless of how you classify them. ANY conditions that cause SISCO's software products to behave abnormally in a manner that might disrupt data exchange or affect the integrity of the data being exchanged should be treated very seroiusly and reported to SISCO immediately via the procedure described above.
Existing Security Advisories
Technical Information | Support & Services
© Copyright 2008 SISCO, Inc. All Rights Reserved. All company names, product names, trademarks, and registered trademarks are the property of their respective companies.