The scheduled updates will be for the Internetwork Operating System (IOS) software used by routers and switches that Cisco sells to enterprise and telecommunications industry customers. Other Cisco products, including those from its Linksys division, will continue to be updated as before. The first of these scheduled updates will occur on Wednesday, March 26, and Cisco will continue to release patches on a twice-yearly schedule after that, Cisco said in a note posted Wednesday on its Web site. These firmware updates will ship on the fourth Wednesday of September and March each year.
That's less frequently than the other major vendors that have moved to regular security updates. Microsoft releases its security patches on the second Tuesday of every month; Oracle is on a quarterly update schedule.
Cisco published eight security advisories for IOS security bugs last year. IOS has come under increased scrutiny in recent years as hackers have developed new ways of attacking router software. Because Cisco's routers are so widely used, IOS is considered to be an attractive target for attackers.
Like other companies that have adopted predictable patch schedules, Cisco says it wants to make life easier for its enterprise customers, who can set aside time to test and roll out the patches.
"Our customers ... are asking us to reduce the amount of 'flux' in their networks by bundling patches for multiple security vulnerabilities," the company said in a statement.