Code of Practice: Securing the Internet of Things for Consumers

Jurisdiction

Australia

Region

Asia/Pacific

Requirement

Recommended

Organization

Australian Government

Provision

Principle 2

Applies to

Device Manufacturers, IoT Service Providers and Mobile Application Developers

Date

2020

Description

Principle 2: Implement a vulnerability disclosure policy

IoT device manufacturers, IoT service providers and mobile application developers should provide a public point of contact as part of a vulnerability disclosure policy in order for security researchers and others to report issues. Disclosed vulnerabilities should be acted on in a timely manner. Implementing a bug bounty program encourages and rewards the cyber security community for identifying and reporting vulnerabilities, thereby facilitating the responsible and coordinated disclosure and remediation of vulnerabilities.

Primarily applies to Device Manufacturers, IoT Service Providers and Mobile Application Developers.

https://www.homeaffairs.gov.au/reports-and-pubs/files/code-of-practice.pdf