cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

95
Views
1
Helpful
2
Replies
khgrant
Cisco Employee

NSO security testing - what can we share with customers?

 

Hello,

 

I have a question in an RFP asking to explain what security testing has been applied to NSO, and whether we can share any test results.

 

 

Do we have any existing documentation or test results? Are there any security guidelines we can say that NSO is following?

 

 

Thank you

 

 

Stefano

 

1 ACCEPTED SOLUTION

Accepted Solutions
khgrant
Cisco Employee

 

I think you need to reach out to the security audit team in Stockholm. Niclas Eklund, nieklund@cisco.com might know.

 

 

I know there has been quite a few of those braindead port scanners thrown at it over the years. Maybe some of those reports can be published.

 

 

 

/klacke

 

View solution in original post

2 REPLIES 2
khgrant
Cisco Employee

 

I think you need to reach out to the security audit team in Stockholm. Niclas Eklund, nieklund@cisco.com might know.

 

 

I know there has been quite a few of those braindead port scanners thrown at it over the years. Maybe some of those reports can be published.

 

 

 

/klacke

 

khgrant
Cisco Employee

 

Hi, yes we had a conversation on this and I summarised this answer for the RFP below Also here is the main dashboard from where you can go to test results http://wwwin-xmet.cisco.com/cgi-bin/ops/tops/xmet/csdlplatformdetails.cgi?r

 

ecord_number=2796

 

 

 

Stefano

 

‹----

 

NSO is developed according to the guidelines of the Cisco Secure Development Lifecycle described here:

 

http://www.cisco.com/c/en/us/about/security-center/security-programs/secure

 

-development-lifecycle.html

 

 

This is a requirement all Cisco software products have to meet.

 

 

The tools we currently use for vulnerability testing are:

 

 

* IBM Security AppScan,

 

* Tenable Network Security Nessus

 

* Codenomicon Defensics

 

 

We¹re not in a position to share the detailed results of the test suites.

 

 

However the cisco policy for vulnerabilities is here:

 

http://www.cisco.com/c/en/us/about/security-center/security-vulnerability-p

 

olicy.html

 

That policy describes how we actively support our customers in case of vulnerabilities.

 

-----

 

Create
Recognize Your Peers
Content for Community-Ad