Security teams already struggle with long lists of vulnerabilities and limited time to patch them. Cisco believes AI could increase that pressure by accelerating vulnerability discovery and increasing the number of findings security teams need to review.

The company said it is moving further toward a risk-based disclosure approach, placing greater attention on issues under active exploitation or those considered more likely to be used in attacks.
“Cisco is actively leveraging advanced AI Models to accelerate finding vulnerabilities and driving remediation. Deploying these models into our security processes allows us to find and fix vulnerabilities at a pace previously unattainable,” said Russ Smoak, VP Information Security at Cisco.
Smoak also warned that defenders will not be the only ones using these tools. “At the same time, we recognize that adversaries will also take advantage of these evolving AI capabilities, increasing the urgency and complexity of cybersecurity defense,” Smoak added.
The approach also changes how lower-risk findings are disclosed. Cisco said some internally discovered issues that would previously have received standalone advisories may no longer be published separately.
Instead, the company plans to provide higher-level information about software releases containing security patches and direct customers to security-hardened versions. Additional details describing software changes made to address findings may be published after the initial release.
Detailed disclosures will continue for issues considered critical, findings under active exploitation, and vulnerabilities viewed as more likely to be exploited. Cisco added that its handling of third-party and open-source vulnerabilities will remain unchanged.
“Cisco will use our voice in the vulnerability disclosure space with the intent of driving pragmatic changes that help the industry align and scale to this expected increase in volume,” Smoak concluded.
from Help Net Security https://ift.tt/am2t9QM