IoT Security Foundation launches vulnerability disclosure platform for IoT industry
An online platform designed to help IoT vendors receive, assess, manage and mitigate vulnerability reports has been launched by the IoT Security Foundation (IoTSF). VulnerableThings.com aims to simplify the reporting and management of vulnerabilities while helping IoT vendors comply with new consumer IoT security standards and regulations.
As the first globally applicable standard for consumer IoT cybersecurity, the new ETSI EN 303 645 specification requires IoT vendors - which could include device manufacturers or importers/distributors - to publish a clear and transparent vulnerability disclosure policy; establish an internal vulnerability management procedure; make contact information for vulnerability reporting publicly available; and continually monitor for and identify security vulnerabilities within their products.