A new online platform for IoT vendors to use in receiving, assessing, managing, and mitigating vulnerabilities and reports has been launched by the IoT Security Foundation (IoTSF). The new platform, VulnerableThings.com, is intended to help vendors trying to comply with the terms of a series of new IoT regulations and standards now coming into effect.
California and Oregon, along with Australia, Finland, Singapore, and the UK, have published regulations, laws, or the intent to regulate IoT security in accordance with ETSI EN 303 645, a global standard for consumer IoT security. This standard requires vendors to take a number of steps, including developing clear vulnerability disclosure policies, and monitoring for and identifying vulnerabilities.
According the the announcement launching the platform, "Manufacturers that subscribe to VulnerableThings will have access to a dashboard that will guide them through the vulnerability resolution process and facilitate communication with the reporter."
While vendors ultimately will subscribe to the platform, access to VulnerableThings.com is free until January 31, 2021.