It worked for Microsoft, and it seems to have worked for Oracle — releasing security patches on a set schedule instead of rolling them out whenever they may be ready. Now Cisco is giving it a try.
The networking giant announced that starting March 26, it will release bundles of IOS security advisories on the fourth Wednesday of the month in March and September of each calendar year. That means IT admins can expect some Cisco security patches on March 26.
“Cisco is adopting this approach in response to extensive feedback from customers, who seek further predictability for support planning and deployment cycles. This schedule change will not restrict us from promptly publishing an individual IOS security advisory for a serious vulnerability which is publicly disclosed or for which we are aware of active exploitation. The current format of IOS security advisories will remain the same. The software table in the advisory includes a list of recommended releases (where possible) for each software train that addresses all of the security vulnerabilities included in the bundle.”
I’ve talked to plenty of IT admins who like that they can plan their Microsoft and Oracle patching cycles around a set schedule from the vendor, so this would seem to be a smart move on Cisco’s part.