• Log in
  • About Us
  • Privacy Policy
  • Contact us
Telecoms IT News - VanillaPlus
  • Home
  • News
  • Verticals
    • 4G
    • 5G News
    • Big data analytics
    • Bill & Charge
    • CEM
    • Companies
    • Digital transformation
    • Fraud prevention
    • Managed services
    • Network optimisation
    • NFV Hub
    • OSS
    • People
    • Policy
    • Revenue assurance
    • Revenue management
    • Service assurance
    • Service Provisioning
    • Test & measurement
  • Digital Edition
  • Events
    • Events diary
    • Webinars
  • Videos
  • VP Featured
    • Webinars
    • Podcast
    • Editorial advisory board
    • Expert opinions
    • Hot List
    • Operator View
    • Press releases
    • Reports & whitepapers
    • Special reports
    • Talking Heads
    • Troubleticket
    • Digital Talking Heads
  • Directory
  • Tech Trends
  • Subscribe
 

You are here:

  • Home
  • Business & Markets
  • IoT Security Foundation launches co-ordinated vulnerability disclosure platform for industry

IoT Security Foundation launches co-ordinated vulnerability disclosure platform for industry

19 October, 2020 at 2:46 PM

Posted by: Anasia D'mello

IoT Security Foundation launches co-ordinated vulnerability disclosure platform for industry

An online platform designed to help Internet of Things (IoT) vendors receive, assess, manage and mitigate vulnerability reports has been launched by the IoT Security Foundation (IoTSF). VulnerableThings.com aims to simplify the reporting and management of vulnerabilities whilst helping IoT vendors comply with new consumer IoT security standards and regulations.

As the first globally applicable standard for consumer IoT cybersecurity, the new ETSI EN 303 645 specification requires IoT vendors – which could include device manufacturers or importers/distributors – to publish a clear and transparent vulnerability disclosure policy; establish an internal vulnerability management procedure; make contact information for vulnerability reporting publicly available; and continually monitor for and identify security vulnerabilities within their products.

Governments around the world including in the UK, Australia, Singapore, Finland and the American states of California and Oregon have already published codes of practice, product labelling schemes or prepared legislation aligned to the standard. Implementing a means to accept vulnerability reports is a common feature of these initiatives. Without mechanisms to report, manage and resolve vulnerabilities – such as Co-ordinated Vulnerability Disclosure (CVD) – the security of consumer IoT products diminishes over time and the risk of attack or abuse increases.

“Vulnerability management is such a fundamental element to IoT cyber-hygiene that it is no surprise that governments and regulators around the world are making this a mandatory requirement,” says John Moor, managing director of the IoT Security Foundation.

“As a world authority on IoT security, IoTSF has published vulnerability disclosure best practices and industry status reports. Our conclusions are that industry must do more to protect their customers and their own businesses. We therefore see the need to drive this vital security practice and aim to help make it as simple as possible with the launch of the Vulnerable Things platform – especially for the uninitiated and firms who may lack resources. The service brokers good communications between researchers and vendors and guides both through the process until complete. We are piloting the service to test the likely demand and gain feedback for users,” Moor adds.

Vulnerabilities can put user safety and personal data at risk and could place an IoT vendor in breach of data protection regulations. Failure by a vendor to respond to a reported vulnerability, whether from a consumer or a specialist security researcher, could result in uncontrolled public disclosure of the vulnerability which would increase the risk of attacks by bad actors. Fixing a vulnerability promptly reduces risks to users, devices, networks and IoT manufacturers.

Matt Warman, the UK Government’s digital infrastructure minister comments: “I welcome this new initiative to help industry improve the security of internet of things devices and boost our burgeoning digital economy while protecting people online. We want everyone to have confidence that the internet-connected products they are buying have stronger security and are working on legislation in this field to help make this a reality.”

Matt Warman

VulnerableThings.com aims to provide an off-the-shelf, user-friendly vulnerability management tool and other valuable member resources including policy templates, issue resolution guidelines and a directory of specialist advisors to help IoT manufacturers prepare for emerging regulations and to maintain compliance. CVD must become an essential part of the culture of successful IoT vendors and needs to be understood and supported by a business’s board of directors, compliance officer, product managers, product development managers, product security, supply chain managers and public relations teams.

Manufacturers that subscribe to VulnerableThings will have access to a dashboard that will guide them through the vulnerability resolution process and facilitate communication with the reporter. Where a vulnerability is reported in a product from a vendor that hasn’t registered with the service, an alert will be sent to a public email address of the manufacturer who will then have the opportunity to securely access the details of the vulnerability report by coming to VulnerableThings.

Access to VulnerableThings.com is available free until January 31st, 2021. Subscribing to the service also provides access to professional support for co-ordinated disclosure announcements.

While vulnerabilities can be reported by any individual anonymously, by registering with VulnerableThings.com, security researchers are provided with a dashboard that allows them to monitor the progress towards resolving vulnerabilities they have reported to different manufacturers. Promoting dialogue between vendors and security researchers will contribute to the success of the IoT ecosystem.

Comment on this article below or via Twitter: @VanillaPlus OR @jcvplus


category: Business & Markets, Companies, Devices and Modules, Network optimisation, News, People, Platforms & Applications, Products & Services, Security

Tags: Internet of Things, IoT, IoT Security, Matt Warman

VanillaPlus Q3 Magazine
 

VanillaPlus Magazine Issue 1 2022: Why IT must catch up with OT to enable 5G monetisation

Is creativity a bridge too far for CSPs? As communications service providers (CSPs) engage in new digital value chains, collaborate with partners and participate in multi-directional business models, George Malim shares a tale of two bridges

READ NOW

Comments are closed.

  • Facebook
  • Twitter
  • YouTube
  • LinkedIn
  • Subscribe
Relax time
Read the new novel by J.J. Cowan on Africa’s conflict minerals trade and forced labour. 5* Reviews on Amazon.co.uk Paperback & Kindle

Check out on Amazon

X

Be the first to know!

  • The top telecom IT news stories of the minute
    in your inbox
  • Exclusive offers for entry into hundreds of
    events worldwide
  • Free access to a huge selection of the latest
    analyst reports and whitepapers
Subscribe now so you don't miss out
Don’t show me this again
Please check your email
x
Vanillaplus - The Global Voice of Telecoms IT
The Global Voice of Telecoms IT

VanillaPlus is the world-leading resource covering digital transformation for the communications industry. VanillaPlus brings you exclusive News, Expert Views, and Event Reviews. See Interviews from CEOs, CTOs, and COOs who are successfully transforming their business today.

Connect

Facebook Twitter YouTube LinkedIn

NEWS

  • Latest Telecoms IT news

DIGITAL EDITION

  • Latest Editions

OTHER

  • Newsletters [Archive]

KNOWLEDGE CENTRE

  • Webinars
  • Special Reports
  • Talking Heads
  • Editorial Advisory Board

COMPANY

  • About
  • Contact Us
  • Terms & Conditions
  • Privacy Policy

PARTNERS

  • IoT News

© 2014-2022 VanillaPlus - The global voice for telecoms IT. All rights reserved.