Live Discussion: The Critical Need for Vulnerability Disclosure in the IoT Security Landscape

Only 10% of IoT vendors disclose timelines for acknowledging and resolving reported threats—and a staggering 73% of consumer IoT companies are in breach of the Product Security and Telecommunications Infrastructure (PSTI) Act, with no vulnerability disclosure policy (VDP) at all.

Join David Rogers, MBE, chair of the Fraud and Security Group at the GSMA, and Laurie Mercer, Director of Solutions Engineering at HackerOne, as they discuss the state of vulnerability disclosure in global consumer IoT, and strategies you can adopt to implement a transparent, productive, and compliant VDP at your organization.

Key Takeaways:

  • Understand VDP policy trends and projections and how they affect you
  • Learn which companies pass the disclosure threshold test (and which ones fail)
  • Get policy recommendations for incentivizing security researchers
  • Discover how IoT leaders like Samsung, Apple, and Panasonic structure their VDPs

David Rogers MBE

Founder and CEO at Copper Horse Ltd

David chairs the Fraud and Security Group at the GSMA. He authored the UK’s ‘Code of Practice for Consumer IoT Security’ in collaboration with UK government and industry colleagues, and currently sits on the UK’s Telecoms Diversification Advisory Council.

He lectured in Mobile Systems Security at the University of Oxford from 2012-2019 and served as a Visiting Professor in Cyber Security and Digital Forensics at York St John University. From 2015-2022 he sat on the Executive Board of the Internet of Things Security Foundation. He was awarded an MBE for services to Cyber Security in the Queen's Birthday Honours 2019.

Laurie Mercer

Director, Solutions Engineering, HackerOne

Laurie is a security consultant at HackerOne, the world’s most popular vulnerability disclosure platform. His primary focus is on vulnerability disclosure best practice, operations and policy. Laurie has a strong technical background, having worked as a developer, penetration tester and security consultant for nearly 20 years – he loves to find and fix vulnerabilities. He has worked with customers as diverse as the UK Government and Asian tech firms in various roles involving software, security and pedagogy.