IoT Security Foundation Launches Vulnerability Disclosure Platform

A platform to allow IoT vendors to simplify the reporting and management of vulnerabilities has been launched by the Internet of Things Security Foundation (IoTSF).

With the ETSI EN 303 645 specification requiring IoT vendors to publish a clear and transparent vulnerability disclosure policy, establish an internal vulnerability management procedure, make contact information for vulnerability reporting publicly available and continually monitor for and identify security vulnerabilities within their products, the IoTSF has launched VulnerableThings.com in order to help IoT vendors comply with legislation.

Designed to help IoT vendors receive, assess, manage and mitigate vulnerability reports, VulnerableThings.com aims to provide a vulnerability management tool to help IoT manufacturers prepare for emerging regulations and to maintain compliance. Access to VulnerableThings.com is available free until January 31 2021 and manufacturers that subscribe will have access to a dashboard that will guide them through the vulnerability resolution process and facilitate communication with the reporter.

Where a vulnerability is reported in a product from a vendor that hasn’t registered with the service, an alert will be sent to a public email address of the manufacturer who will then have the opportunity to securely access the details of the vulnerability report.
Support the originator by clicking the read the rest link below.