A new report on consumer IoT security has said the adoption of vulnerability disclosure in the Internet of Things (IoT) sector remains unacceptably low (just 21.6 percent of firms surveyed had a readily detectable policy in place). Based on these findings, almost 4 out of 5 companies are failing to provide the very basic security hygiene mechanism to allow security vulnerabilities to be reported to vendors so they can be fixed.
Published on Nov. 4, 2021, the latest IoT Security Foundation (IoTSF) consumer IoT security report examining the adoption of vulnerability disclosure in IoT – commissioned by the IoTSF and prepared by Copper Horse – found little improvement on last year’s figures. The overall trend, while moving in the right direction, remained far short of what’s needed to bolster confidence in the security of IoT products, said the report. Given the persistently slow pace of voluntary adoption, regulatory wheels had started turning to force companies to think more seriously about their vulnerability disclosure processes.
The slow pace of vulnerability disclosure adoption by IoT providers continues to put users at risk by failing to maximise the opportunity to close gaps in product security (the percentage of firms surveyed with a readily detectable policy in place is up just 2.7 percent on findings for 2020).
Anticipating forthcoming legislation, only 21 out of the more than 300 IoT providers surveyed would meet modest regulatory requirements, the report added.
Click here to read the rest.