Code of Practice for consumer IoT security
Jurisdiction
United Kingdom
Region
Europe
Requirement
Recommended
Organization
Department of Science, Innovation, & Technology
Provision
Guideline 2
Applies to
Device manufacturers, IoT service providers, mobile application developers, retailers
Date
October 14, 2018
Description
2. Implement a vulnerability disclosure policy All companies that provide internet-connected devices and services shall provide a public point of contact as part of a vulnerability disclosure policy in order that security researchers and others are able to report issues. Disclosed vulnerabilities should be acted on in a timely manner.