Patchy Performance? Uncovering the Vulnerability Management Practices of IoT-Centric Vendors
Sandra Rivera Pérez, Michel van Eeten, Carlos H. Gañán
IEEE Symposium on Security and Privacy 2024 · Day 1 · Continental Ballroom 4
This talk, presented by Sandra Rivera Pérez from Delft University of Technology, delves into a systematic analysis of the **vulnerability management practices** of vendors heavily invested in the Internet of Things (IoT) sector. The research, conducted in collaboration with Michel van Eeten and Carlos H. Gañán and supported by the Intersect project, addresses a critical concern: as smart devices are projected to outnumber traditional ones by 3 to 1 by 2025, the security performance of IoT products becomes paramount. The study specifically investigates whether **IoT-centric vendors** (those predominantly focused on IoT) exhibit different security behaviors compared to their non-IoT-centric counterparts.
AI review
This research provides a critical, evidence-based dissection of IoT vulnerability management, challenging long-held assumptions with rigorous empirical data. It offers invaluable signal for defenders and policymakers, fundamentally shifting how we should assess IoT vendor security. This is not a technical exploit, but it's a foundational piece of security intelligence.