Live Discussion: The Critical Need for Vulnerability Disclosure in the IoT Security Landscape
Only 10% of IoT vendors disclose timelines for acknowledging and resolving reported threats—and a staggering 73% of consumer IoT companies are in breach of the Product Security and Telecommunications Infrastructure (PSTI) Act, with no vulnerability disclosure policy (VDP) at all.
Join David Rogers, MBE, chair of the Fraud and Security Group at the GSMA, and Laurie Mercer, Director of Solutions Engineering at HackerOne, as they discuss the state of vulnerability disclosure in global consumer IoT, and strategies you can adopt to implement a transparent, productive, and compliant VDP at your organization.
- Understand VDP policy trends and projections and how they affect you
- Learn which companies pass the disclosure threshold test (and which ones fail)
- Get policy recommendations for incentivizing security researchers
- Discover how IoT leaders like Samsung, Apple, and Panasonic structure their VDPs
David Rogers MBE
Founder and CEO at Copper Horse Ltd
David chairs the Fraud and Security Group at the GSMA. He authored the UK’s ‘Code of Practice for Consumer IoT Security’ in collaboration with UK government and industry colleagues, and currently sits on the UK’s Telecoms Diversification Advisory Council.
He lectured in Mobile Systems Security at the University of Oxford from 2012-2019 and served as a Visiting Professor in Cyber Security and Digital Forensics at York St John University. From 2015-2022 he sat on the Executive Board of the Internet of Things Security Foundation. He was awarded an MBE for services to Cyber Security in the Queen's Birthday Honours 2019.
Laurie Mercer
Director, Solutions Engineering, HackerOne
Laurie is a security consultant at HackerOne, the world’s most popular vulnerability disclosure platform. His primary focus is on vulnerability disclosure best practice, operations and policy. Laurie has a strong technical background, having worked as a developer, penetration tester and security consultant for nearly 20 years – he loves to find and fix vulnerabilities. He has worked with customers as diverse as the UK Government and Asian tech firms in various roles involving software, security and pedagogy.