Four out of five Internet of Things (IoT) device manufacturers are failing basic cybersecurity practices by not providing a way for people to disclose security vulnerabilities in their products – something that can potentially put users of the device at risk of cyberattacks and breaches of privacy.
Research by the IoT Security Foundation (IoTSF) – a tech industry group that aims to help encourage securing the Internet of Things – analysed hundreds of popular IoT product manufacturers and found that only just over one in five advertise a public channel for reporting security vulnerabilities in order for them to be fixed.
The 21% of vendors offering this kind of channel has risen slightly since last year, something that the IoT Security Foundation report describes as “glacial” progress on providing what it describes as “a basic hygiene mechanism”.
SEE: Sensor’d enterprise: IoT, ML, and big data (ZDNet special report)
That’s despite countries around the world including the UK, the US, Singapore, India and Australia as well as the European Union attempting to emphasise the importance of cybersecurity in IoT devices and the ability to be able to make vulnerability disclosures.
The report notes that some of the lack of vulnerability disclosure policy could be