Cisco PSIRT regularly discloses vulnerabilities in Cisco IOS Software on the fourth Wednesday in March and September via the Cisco IOS Security Advisory bundle. The next bundled disclosure was planned for Wednesday, March 23, 2011, but Cisco will defer this disclosure until the next scheduled Cisco IOS bundle on September 28, 2011.
Cisco has a long-standing policy of disclosing vulnerabilities to customers and the public simultaneously to ensure equal access to patched software. Based on recent events in Japan and eastern Asia, we are sensitive to the fact that customers globally are impacted directly or indirectly by these events and may not be able to respond effectively to the scheduled disclosure event.
This regional disaster has not affected the ability of Cisco to disclose vulnerability information. In keeping with our policy, if we see evidence of active exploitation of a vulnerability that could lead to increased risk for Cisco customers, we will disclose appropriate information out of cycle.