Upcoming IoT Security Legislation: Vulnerability Disclosure - Part 2
In part one of this two-part blog series, Crypto Quantique discussed the PSTI Act, one requirement of which is that IoT device manufacturers implement a means to receive reports of issues. The industry term for this is Vulnerability Disclosure.
What is Vulnerability Disclosure?
The European Union Agency for Cybersecurity (ENISA) defines vulnerability disclosure as “The process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited”. The idea is that security researchers find vulnerabilities in an organisation’s hardware or software and have a dedicated channel through which they can report their findings to that organisation. Coordinated vulnerability disclosure (CVD) is the industry-recommended best-practice implementation of this, in which the researcher works with the vendor or a coordinating intermediary to rectify the problem they have identified.
Why is CVD important?
To understand why vulnerability disclosure is important, it is first necessary to understand what a vulnerability is. ETSI describes a vulnerability as a security bug or defect in a system, product or service; an exploit works by taking advantage of one or more vulnerabilities. Vulnerability disclosure is a method by which organisations can, outside of regular security testing, become aware of vulnerabilities in their systems. In recent years vulnerability disclosure has received great attention from industry and now from governments, and it is a requirement of both the UK’s PSTI Act and the EU Cyber Resilience Act (CRA).