Consumer IoT Security Guidance

Implement a Vulnerability Disclosure Policy

New standards and regulatory change means organisations need to ensure they are prepared to receive and manage vulnerability reports and follow coordinated vulnerability disclosure best practices. This is an important provision because without mechanisms to report, manage and resolve vulnerabilities, the security of consumer IoT products will diminish over time – and the likelihood of attack or abuse will increase.

The IoTSF Consumer IoT Security Quick Guides build upon the new ETSI EN 303 645 specification on consumer IoT cybersecurity. It is the first international standard of its kind and governments are publishing Codes of Practice (e.g. the UK and Australia) and preparing new legislation (e.g. the UK) based on the standard.