
The Everything Feed - All Packet Pushers Pods PP084: Inside the CVE Process With Cisco (Sponsored)
Oct 30, 2025
Join Osman Hashmi, a Principal Engineer at Cisco, Marco Cassini from the Product Security Incident Response Team, and Joe Malcolm, the CISO for Infrastructure Engineering, as they dive into the intricate world of CVEs. They discuss the crucial roles of various organizations in vulnerability management, the complexities of CVSS scoring, and the importance of responsible disclosure. The trio also explores how Cisco collaborates with customers on patch validation and the rising demand for Software Bill of Materials (SBOMs). Plus, they tackle infrastructure resiliency and innovative AI solutions in cybersecurity.
Exploit Status Versus Base Scoring
- Known exploits do not change the CVSS base score; exploit status is carried in the temporal metrics (Exploit Code Maturity in CVSS v3.x, the Threat metric group in v4.0) and should drive prioritization rather than the base score alone.
- CISA's Known Exploited Vulnerabilities (KEV) catalog flags issues for urgent action, independent of their CVSS score.
Inside Cisco's PSIRT Team
- Cisco PSIRT (Product Security Incident Response Team) has operated for decades and publishes public security advisories tied to CVEs.
- The team of ~30 specialists works globally with engineering to validate and disclose vulnerabilities.
Automate Regression Tests From Incidents
- Reproduce reported vulnerabilities and then automate regression tests for validated triggers.
- Add these automated tests into the release pipeline to prevent regressions.
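The two steps above amount to turning each validated reproducer into a permanent test. The code below is an added example, not code from the episode or from any Cisco product: it uses a constructed toy record parser (a 4-byte big-endian length prefix followed by a value) in a "before" form that trusts the length field and a "fixed" form that validates it, plus a trigger corpus of the kind an incident response team would capture while reproducing a report. The harness replays every trigger against a parser and reports any deviation from the recorded expectation, so it can gate a release pipeline. Trigger IDs, the parser, and the inputs are all constructed placeholders.

```python
"""Replay validated vulnerability triggers as pipeline regression tests (added example)."""
import struct
import sys

MAX_VALUE_LEN = 1024  # constructed limit for the toy format


def parse_record_legacy(data: bytes) -> bytes:
    """Before the fix: trusts the length field. Oversized lengths are silently
    truncated by the slice and undersized ones drop trailing bytes; a short header
    raises struct.error instead of a clean validation error."""
    (length,) = struct.unpack(">I", data[:4])
    return data[4:4 + length]


def parse_record_fixed(data: bytes) -> bytes:
    """After the fix: every assumption about the length field is checked first."""
    if len(data) < 4:
        raise ValueError("short header")
    (length,) = struct.unpack(">I", data[:4])
    if length > MAX_VALUE_LEN or 4 + length != len(data):
        raise ValueError(f"bad length {length} for {len(data)}-byte record")
    return data[4:]


# Constructed trigger corpus. Each entry is the reproducer captured while validating a
# report, together with the behaviour the fix must preserve. IDs are internal
# placeholders, not CVE numbers.
TRIGGERS = [
    {"id": "trig-001", "note": "length field exceeds record",
     "input": struct.pack(">I", 0xFFFFFFFF) + b"A" * 8, "expect": "rejected"},
    {"id": "trig-002", "note": "truncated header",
     "input": b"\x00\x01", "expect": "rejected"},
    {"id": "trig-003", "note": "length field smaller than payload",
     "input": struct.pack(">I", 2) + b"ABCD", "expect": "rejected"},
    {"id": "ok-001", "note": "well-formed record must still parse",
     "input": struct.pack(">I", 4) + b"ABCD", "expect": "accepted"},
]


def run_trigger(parser, data: bytes) -> str:
    """Classify the parser's reaction: clean rejection, unexpected exception, or acceptance."""
    try:
        parser(data)
    except ValueError:
        return "rejected"
    except Exception:  # anything else is an unhandled failure, not validation
        return "crashed"
    return "accepted"


def regression_suite(parser, triggers=TRIGGERS) -> dict:
    """Return {trigger id: (observed, expected)} for every trigger that deviates.

    An empty dict means the build preserves every validated fix."""
    failures = {}
    for t in triggers:
        observed = run_trigger(parser, t["input"])
        if observed != t["expect"]:
            failures[t["id"]] = (observed, t["expect"])
    return failures


if __name__ == "__main__":
    # Pipeline usage: non-zero exit blocks the release when any trigger regresses.
    failures = regression_suite(parse_record_fixed)
    for ident, (observed, expected) in failures.items():
        print(f"REGRESSION {ident}: observed {observed}, expected {expected}")
    sys.exit(1 if failures else 0)
```

Pointing `regression_suite` at `parse_record_legacy` reproduces all three trigger failures (two accepted inputs and one crash), while the fixed parser passes the whole corpus including the well-formed record. Keeping the positive case in the corpus matters: a "fix" that rejects everything would otherwise look clean. In a real pipeline each trigger would be a separate parametrized test case so that the failing reproducer is named in the build output.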
