The Critical Need for Vulnerability Disclosure in the IoT Security Landscape

Presented by

David Rogers MBE, Founder and CEO at Copper Horse Ltd., and Laurie Mercer, Director, Solutions Engineering, HackerOne

About this talk

Only 10% of IoT vendors disclose timelines for acknowledging and resolving reported threats—and a staggering 73% of consumer IoT companies are in breach of the Product Security and Telecommunications Infrastructure (PSTI) Act, with no vulnerability disclosure policy (VDP) at all. David Rogers, MBE, chair of the Fraud and Security Group at the GSMA, and Laurie Mercer, Director of Solutions Engineering at HackerOne, discuss the state of vulnerability disclosure in global consumer IoT, and strategies you can adopt to implement a transparent, productive, and compliant VDP at your organization.

Key Takeaways:

- Understand VDP policy trends and projections and how they affect you
- Learn which companies pass the disclosure threshold test (and which ones fail)
- Get policy recommendations for incentivizing security researchers
- Discover how IoT leaders like Samsung, Apple, and Panasonic structure their VDPs