
10/29/2015
04:25 PM
Dark Reading
Products and Releases

Online Trust Alliance Releases New Internet of Things Trust Framework to Address Global Concerns

Business and government leaders to attend upcoming summit to roll out IoT security, privacy and sustainability code of conduct

BELLEVUE, Wash. – Oct. 28, 2015 – The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust, today released the last-call update of the Internet of Things (IoT) Trust Framework. The Framework is a comprehensive global initiative that provides guidance for device manufacturers and developers to enhance the security, privacy and sustainability of connected home devices, wearable fitness and health technologies, and the data they collect.

The newest version includes U.S. and international feedback from more than 100 companies and organizations ranging from major retailers and device manufacturers to security and privacy subject matter experts including Underwriters Laboratories, the National Association of Realtors, the Center for Democracy and Technology, the International Telecommunications Union (ITU) and the European Union Agency for Network and Information Security. Underscoring the collaboration behind this effort, standards bodies and other working groups including I Am The Cavalry and BuildItSecure.ly provided insights from their work and testing in other key IoT segments. This multi-stakeholder effort is a major step forward in what may ultimately serve as a foundation for an international certification program.

OTA also announced today that it will hold an all-day Summit in Washington D.C. on Nov. 18 for the general security and privacy community. This Summit will review and discuss the Framework’s final criteria and implementation guidelines, and solicit input for the forthcoming self-regulatory code-of-conduct and planned certification programs. To attend OTA’s IoT Trust Framework Summit, register here.

“As someone with a long career in the technology industry and as an entrepreneur, I know firsthand how quickly technologies have developed to become critical to our daily lives,” said Congresswoman Suzan DelBene (WA-01), who co-chairs the Congressional IoT Caucus. “We’re in the dawn of a new innovation era, with everything from cars to wristbands connecting to the Internet. But we don’t want to wake up one morning to find ourselves asking, ‘Who hacked my coffeemaker?’ Lawmakers and industry leaders like the OTA need to work together to ensure we’re protecting consumers while also enabling these new technologies to thrive.”

Global Feedback 

After releasing an early draft for public comment in August, OTA received worldwide feedback from organizations, individuals, NGOs and government entities supporting the Framework’s goals and recognizing the global need for concrete IoT guidelines. Industry support includes AVG Technologies, DigiCert, Identity Guard, LifeLock, Mark Monitor, Microsoft, SiteLock, Symantec, TRUSTe, Verisign and others.

“The Trust Framework represents a significant level of international collaboration. Organizations, advocate groups and NGOs through the world have recognized the importance and criticality of developing a baseline Framework to help protect consumers, businesses and the associated data,” said Craig Spiezle, Executive Director and President of the Online Trust Alliance. “Unfortunately, in this rush to market we have witnessed the perils of the lack of robust security and responsible privacy practices. The Trust Framework has been designed to address these issues and represents a significant step forward to protect consumers and their data today and in the years ahead.” 

OTA IoT Framework Goals

The improvements to the newly revised Framework further advance OTA’s key objectives:

· Deliver guidance to manufacturers and developers to help reduce attack surface and vulnerabilities, and adopt responsible privacy and data stewardship practices.

· Drive the adoption of “privacy and security by design” as a model for a voluntary, yet enforceable code of conduct.

· Provide positive affirmation and recognition to companies, products, and retailers who embrace the code of conduct and meet minimum standards.

· Publish the criteria and mechanisms leading to an enforceable code of conduct and certification program.

To review the Framework, provide feedback, or find information on joining the IoT Working Group, go to https://otalliance.org/IoT.

About OTA: 

The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.

 
