Cisco Online Seminar - Cisco Systems

Automating Cisco IOS Software Vulnerability Assessment

Learn about security automation, machine-readable content, and Cisco IOS vulnerability assessments

Original webcast: Tuesday, April 23, 2013, at 7 a.m. PDT San Francisco (UTC -7 hours). This corresponds to 10 a.m. EDT New York (UTC -4 hours), 3 p.m. London (UTC +1), or 4 p.m. Paris (CEST UTC +2).

Cisco’s Product Security Incident Response Team (PSIRT) is including Open Vulnerability and Assessment Language (OVAL) definitions in Cisco IOS Software security advisories. OVAL provides structured, standard machine-readable content that allows customers to quickly consume security vulnerability information and identify affected devices. OVAL can also be used to verify that the patches or fixes that resolve such vulnerabilities were successfully installed. In addition to OVAL definitions, PSIRT is also publishing Common Vulnerability Reporting Framework (CVRF) content for all Cisco security advisories. CVRF allows vendors to publish security advisories in an Extensible Markup Language (XML) machine-readable format. CVRF was designed by the Industry Consortium for Advancement of Security on the Internet (ICASI), of which Cisco is a member, and Cisco took a major role in its development.

During this live event, Cisco expert Omar Santos will discuss how customers can use OVAL to quickly assess the effects of security vulnerabilities in Cisco IOS Software devices. Santos will provide step-by-step instructions on how to use OVAL content with available open source tools. Join us to learn more about security automation and machine-readable content and to ask Cisco experts questions.

Omar Santos is an incident manager with Cisco's PSIRT. He has designed, implemented, and supported numerous secure networks for Fortune 500 companies and the U.S. government, including the U.S. Marine Corps and the U.S. Department of Defense. He is also the author of many Cisco online technical documents and configuration guidelines. Prior to his current role, he was a technical leader within the World Wide Security Practice and Cisco's Technical Assistance Center (TAC), where he taught, led, and mentored many engineers within both organizations. He is an active member of the InfraGard organization. InfraGard is a cooperative undertaking between the Federal Bureau of Investigation and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants that is dedicated to increasing the security of the critical infrastructures of the United States of America. Santos has also delivered numerous technical presentations to Cisco customers and partners, as well as executive presentations to CEOs, CIOs, and CSOs of many organizations. He is also the author of these Cisco Press books: Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance; Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting; End-to-End Network Security: Defense-in-Depth; and Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance (2nd Edition).

For more information about this topic and to ask questions to the expert for two weeks after the webcast, visit

You can win prizes if you attend; fill out the survey after attending the live event. We look forward to your participation.


  • Introduction to the Cisco Product Security Incident Response Team (PSIRT)
  • An Overview of Security Automation and the Open Vulnerability and Assessment Language (OVAL)
  • Cisco’s security vulnerability disclosure procedures
  • Cisco IOS vulnerability assessment and machine-readable security content
  • Technical deep-dive and demo of OVAL with open source tools


Event Summary

  • Event type: Online Event
  • On Demand
  • Duration: 90 minutes

Who Should Attend

This event is open to all, including partners.

  • Education
  • Government
  • Health Care
  • Service Provider
  • Small / Medium Business
  • Channels