Cisco Revamps Patch Release Schedule

The routing and switching giant will release bundles of IOS security alerts on the fourth Wednesday of the month in March and September each year.

Cisco Systems is moving to a predictable patch release cycle for security advisories affecting its Internetwork Operating System.
The routing and switching giant is planning to release bundles of IOS Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.
The new policy begins March 26 and only affects IOS advisories, the company said in a notice posted online.
All other non-IOS Cisco security vulnerabilities will continue to be announced per Cisco's standard disclosure policy. Cisco generally ships product patches every week, mostly on Tuesdays.
Cisco IOS software is used to power routing, switching, internetworking and telecommunications functions on most Cisco Systems routers and all current Cisco network switches. The software package also includes a multitasking operating system.
Cisco says the twice-a-year patch release cycle "will not restrict us from promptly publishing an individual IOS security advisory for a serious vulnerability which is publicly disclosed or for which we are aware of active exploitation."
"Cisco is adopting this approach in response to extensive feedback from customers, who seek further predictability for support planning and deployment cycles," the company added, noting that the existing format of IOS Security Advisories will not see any changes.
Cisco is following two other high-profile vendors on the predictable patch release cycle train. Microsoft was the first to adopt a Patch Tuesday cycle for its Windows updates while Oracle has implemented a quarterly update process on prescheduled dates.
Cisco and Oracle have led the way in its adoption of the CVSS (Common Vulnerability Scoring Standard), the vendor-neutral system for rating software severity risk.