Security News > 2020 > October > IoT Security Foundation unveils online platform to help IoT vendors report and manage vulerabilities
An online platform designed to help IoT vendors receive, assess, manage and mitigate vulnerability reports has been launched by the IoT Security Foundation.
VulnerableThings.com aims to simplify the reporting and management of vulnerabilities whilst helping IoT vendors comply with new consumer IoT security standards and regulations.
As the first globally applicable standard for consumer IoT cybersecurity, the new ETSI EN 303 645 specification requires IoT vendors - which could include device manufacturers or importers/distributors - to publish a clear and transparent vulnerability disclosure policy; establish an internal vulnerability management procedure; make contact information for vulnerability reporting publicly available; and continually monitor for and identify security vulnerabilities within their products.
Without mechanisms to report, manage and resolve vulnerabilities - such as Co-ordinated Vulnerability Disclosure - the security of consumer IoT products diminishes over time and the risk of attack or abuse increases.
"Vulnerability management is such a fundamental element to IoT cyber-hygiene that it is no surprise that governments and regulators around the world are making this a mandatory requirement," said John Moor, Managing Director of the IoT Security Foundation.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/1aHE2l6Polk/
Related news
- Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024 (source)
- Report: Voice of Practitioners 2024 – The True State of Secrets Security (source)
- NIST report on hardware security risks reveals 98 failure scenarios (source)
- Microsoft plans to boot security vendors out of the Windows kernel (source)