An analysis of 330 consumer IoT device manufacturers has revealed five of every six companies (86.7%, 286) don’t allow for vulnerability reporting. This would see them fall foul of new international standards and recently announced plans for a British IoT security law; as well as proposed Australian code of practice and recommendations from the US Dept of Homeland Security.