IoT Security Foundation Publishes Best Practice Guidelines for Consumer Products and Vulnerability Disclosure

Users encouraged to display the Best Practice User mark

Release Date: December 6th 2016

The Internet of Things Security Foundation (IoTSF) has announced the publication of two best practice guidelines alongside its IoT Security Compliance Framework. Both sets of guidelines are aimed at new players that have started to supply IoT class products yet are equally of use to established firms seeking to adopt recognised best practices.

The first of a set of planned guidelines announced today cover Vulnerability Disclosure and Connected Consumer Products. These have been prioritised due to widespread concerns within the unregulated markets of IoT. All of the IoTSF guidelines encompass the founding values of a security-first, fitness-for-purpose and resilient approach to IoT security.

With increasing complexity and dependency on today’s digital infrastructure, all but the simplest of systems will inevitably have security flaws and organisations will have to handle security breaches at some point. Firms that have been doing business on the web already know how to cope with this and those that are just starting to connect their products and services to the Internet can learn from that wealth of experience. The IoTSF Vulnerability Disclosure best practice guidelines give clear, concise and practical advice as to what IoT firms should and also, should not do, to manage third party vulnerability reporting.

The Connected Consumer Products best practice guide also provides clear advice for firms that are bringing IoT class products to market. The guidelines cover the most important security elements to consider when designing a product such as application security, encryption, network connections and software updates. The guidelines take a practical approach and provide a comprehensive overview of the subject matter with additional in-depth materials supplied online.

Richard Marshall, Chair of the IoTSF Plenary Group that produces the best practice guides said “We are delighted to publish our first two best practice guides today. The guides have been written by experts and industry professionals but in a way that does not assume a background in security. They are intended to accelerate users understanding and give clear guidance on how to approach security. There are more best-practice guidelines in the making and we are planning to publish them throughout 2017 as they complement the central IoT security compliance framework we have also published”.

John Moor, Managing Director of IoTSF commented “I’d like to thank the participants of both working groups for their efforts to produce these guidelines as they will help address some of the most pressing issues we see today. IoT is seen as a large opportunity to many due to the connectivity benefits and relatively low barriers to entry in markets such as consumer and the home. The opportunity will continue to draw in new players who may be naïve to the consequences of insecurity. These guidelines will help to address a number of the issues we see today and we need all suppliers to accept a responsibility to provide secure products. We are therefore promoting the concept of a Supply Chain of Trust throughout, and calling on industry leaders to help us propagate that message as it affects us all. To help deliver that “duty of care” message, users of the IoTSF best practice guides are also encouraged to display the Foundation’s ‘Best Practice User’ mark on their marketing materials”.