Undergraduate Student, University of the West of England
Rohan is a third-year economics student at the University of the West of England. Over the summer of 2020 he interned at Copper Horse, conducting research on vulnerability disclosure. Following this internship, Rohan decided to write his final-year project about the economics of vulnerability disclosure. Rohan has also had work experience at Nvidia and Octopus Ventures.
“Shining the Light of Truth: a journey into vulnerability disclosure practices at consumer IoT product companies”
Governments around the world have, in recent years, signalled the need for companies to implement good practice on IoT security. Vulnerability disclosure is a big and publicly visible part of that.
In 2018, Copper Horse produced a report for the IoT Security Foundation which showed that fewer than 10% of consumer IoT product companies had any way for security researchers to contact them to report vulnerabilities.
A year later, the situation had only slightly improved, to 13%. The way a company publicly approaches vulnerability disclosure handling is a good indicator of its overall stance towards product security, and unfortunately the global situation does not appear to be good. As we head into 2021, with international standards published and legislation imminent, will companies have finally understood that they must take steps to improve IoT product security?