IoT vendors faulted for slow progress in setting up vulnerability disclosure programs

IoT (Internet of Things) vendors are lagging behind in making it possible for security researchers to report bugs. Only 27.1% currently have a vulnerability disclosure policy, as shown in the latest annual report from the IoT Security Foundation (IoTSF). This complacency could be a major risk for consumers, and contravene recently enacted UK regulations that require such policies, with stiff penalties for non-compliance. Vendors based in Asia are more advanced in this area, with over twice as many having proper disclosure programs compared to European suppliers.