The latest insights on global VDP adoption & IoT security trends

Summary: The video discusses a webinar hosted by Lori Merer from HackerOne and featuring David Rogers from Copper Horse, covering the 2024 report on global vulnerability disclosure policy (VDP) adoption. The report, which has been produced for seven years, examines the adoption of VDPs by companies in the consumer IoT space and highlights the importance of these policies for improving product security. Key findings include growth in VDP adoption driven by legislative mandates, the current state of compliance across different sectors, and the need for better engagement between security researchers and manufacturers.

Key points:

  • The webinar features insights from David Rogers, an author of the global VDP adoption report.
  • The report emphasizes the importance of vulnerability disclosure policies in enhancing security for IoT products.
  • In 2024, there was an 11.6% growth in the adoption of VDPs, attributed partly to the UK’s Product Security and Telecommunications Infrastructure Act.
  • 64.4% of IoT manufacturers still lack a contact method for security researchers, presenting ongoing challenges for vulnerability reporting.
  • Enterprise sectors show significantly higher VDP adoption (91.67%) compared to consumer sectors.
  • Upcoming regulations in the EU and the US may further necessitate adherence to VDP requirements.
  • Legislation and standards are evolving globally to push for greater transparency and accountability in product security.
  • Engagement with the security research community is vital for manufacturers to identify and mitigate vulnerabilities.
  • The report makes the case for increased transparency in product security to improve consumer choices.
  • Non-disclosure policies remain a concern, with only 1.31% of companies having such policies in place, limiting collaboration with researchers.

YouTube Video: https://www.youtube.com/watch?v=CowQQK195Ao
YouTube Channel: HackerOne
Video Published: Fri, 28 Feb 2025 19:31:13 +0000