Work In Progress
A major part of the IoD project is to help vendors understand that the security and privacy of their customers should be among their highest priorities. Whether they know it or not, these vendors are now software vendors, at least in part. This shift requires a different approach than the industry was previously used to.
As part of this, we are working on providing guidance documents and a framework for vendors to work with researchers by establishing a vulnerability disclosure program. This establishes a clear and proper channel and process for researchers to report potential vulnerabilities to vendors so that they are addressed and promptly fixed.
The companion portion to this external facing program is guidance for the vendors to establish an internal program to ensure a secure software development lifecycle and prevent vulnerabilities from occurring in the first place.
Wrapping all of this is a set of best practices and guidance on the basics of what IoD devices, software and back-end systems should be doing at a minimum to protect their customers, as well as themselves.
We are hoping that by providing this guidance, we can help raise the bar of security in the industry, something that is in both their own and their customers' best interests.
Keep watching this space as we build this important resource with the help of our Vendor Partners.