IoT Security Foundation (IoTSF) has launched an online platform designed to help IoT vendors receive, asses, manage and mitigate vulnerability.
VulnerableThings.com aims to simplify the reporting and management of vulnerabilities whilst helping IoT vendors comply with new consumer IoT security standards and regulations.
“Vulnerability management is such a fundamental element to IoT cyber-hygiene that it is no surprise that governments and regulators around the world are making this a mandatory requirement,”said John Moor, Managing Director of the IoT Security Foundation.
“As a world-leading expert authority on IoT security, IoTSF has published vulnerability disclosure best practices and industry status reports. We conclude that the industry must do more to protect their customers and their businesses. We, therefore, see the need to drive this vital security practice and aim to help make it as simple as possible with the launch of the Vulnerable Things platform – especially for the uninitiated and firms who may lack resources. The service brokers good communications between researchers and vendors and guides both through the process until complete.”
“We are piloting the service to test the likely demand and gain feedback for users.” Matt Warman, the UK Government’s Digital Infrastructure Minister said: “I welcome this new initiative to help industry improve the security of internet of things devices and boost our burgeoning digital economy while protecting people online. We want everyone to have confidence that the internet-connected products they are buying have stronger security and are working on legislation in this field to help make this a reality.”
The new ETSI EN 303 645 specification requires IoT vendors – which could include device manufacturers or importers/distributors – to publish a clear and transparent vulnerability disclosure policy; establish an internal vulnerability management procedure; make contact information for vulnerability reporting publicly available, and continually monitor for and identify security vulnerabilities within their products.
VulnerableThings.com aims to provide an off-the-shelf, user-friendly vulnerability management tool and other valuable member resources including policy templates, issue resolution guidelines and a directory of specialist advisors to help IoT manufacturers prepare for emerging regulations and to maintain compliance.