You’re listening to Tech Bytes, a short, sharp sponsored conversation where we grab a technology or concept and see how much juice we can squeeze out of it in about 15 minutes.
Our sponsor today is Arista Networks and we’re going to talk about how software quality and product integrity deliver value to customers.
Our guest is Doug Gourlay, VP and General Manager of Cloud Networking at Arista.
Topics covered:
- Why software is more important than hardware in networking
- The operational and security issues that arise from software vulnerabilities
- How code quality affects patches and upgrades
The following section from Doug Gourlay is included to provide context on the numbers discussed in the podcast:
A CVE is a Common Vulnerability or Exposure where a vulnerability is a “weakness in the code found in software that, when exploited, results in a negative impact to confidentiality, integrity, OR availability” and an exposure is a “mistake in software that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network.”
CVEs are maintained in an authoritative list by MITRE, under contract to the US Government through the Department of Homeland Security at https://cve.mitre.org.
The data discussed in this podcast was compiled from the MITRE CVE database. The CVSS scores were compiled from the Forum of Incident Response and Security Teams (FIRST) CVSS scoring database.
As of this posting on 26 September 2019, since 1 January 2014 there have been:
- 137 CVEs on Cisco NX-OS
- 217 CVEs on Cisco IOS
- 203 CVEs on Cisco IOS-XE
- 72 CVEs on Cisco IOS-XR
- 5 CVEs on Arista EOS