Published on November 1, 2023, this report by Rohan Panesar, Mark Neve, and David Rogers of Copper Horse analyzes the implementation of vulnerability disclosure by manufacturers of widely used consumer Internet of Things (IoT) devices, assessing their commitment to best practices in IoT security. Vulnerability disclosure is defined as “the process of identifying, reporting, and patching weaknesses in software, hardware, or services that can be exploited.” The main finding is that 95% of new manufacturers did not engage in vulnerability disclosure. Furthermore, manufacturers of TV, Wi-Fi, networking, and mobile devices had better vulnerability disclosures than those of wearables for leisure, hobbies, health, and fitness. The main takeaway is that changing legal requirements, especially in the UK, will require manufacturers to have vulnerability disclosures.

Keywords: Architecture/Engineering, Audio/Video, Communications, Consumer Electronics, Cybersecurity/Privacy, Internet of Things (IoT), Post-COVID-19, Protocols/Standards, Robotics, Vulnerability Disclosure