Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

IoT Security Foundation Launches

The Internet of Things Security Foundation (IoTSF), a collaborative initiative aimed at addressing concerns regarding the security of IoT, launched publicly in London this week.

The Internet of Things Security Foundation (IoTSF), a collaborative initiative aimed at addressing concerns regarding the security of IoT, launched publicly in London this week.

The foundation’s executive board includes security experts and several technology organizations, including BT, Vodafone, Imagination Technologies, Royal Holloway University of London, Copper Horse Solutions, Secure Thingz, NMI and PenTest Partners. 

Industry veteran John Haine was appointed inaugural chairman.

IoT Security Foundation LogoIoTSF’s creation is the result of an eight month investigative and consultative process, the foundation said, explaining that Its initial focus will be on “promoting excellence in IoT security”, in order to make devices safe to connect. The organization will also make a self-certification for product developers available.

The Foundation was created as a non-profit, technology neutral body and is not a standards body, thoug it plans on collaborating with existing standards and will initially target technology providers, systems adopters and end users.

“The formation of the Internet of Things Security Foundation has been through a rigorous process to make sure it is fit for purpose. With so many concerns and a new complexity of security in IoT, it is important that we now start the necessary work in earnest to address known, yet not always addressed, and emerging vulnerabilities,” John Moor, VP Segment Development at NMI and IoTSF Director said.

“The scale and scope of the issues are formidable and as such they require a formidable response. This can only be achieved effectively by working together, so I am delighted to announce IoTSF is open for business and invite organizations to back the mission and join us. Together we can raise standards and make it harder for criminals, adversaries and rogues of all denominations to exploit us,” he added. 

IoTSF is funded by a low-cost membership model,, but the organization also accepts donations from entities interested in supporting its mission. Membership is now open to stakeholder organizations worldwide.

The organization also announced plans for its inaugural conference, scheduled to take place on Dec. 1 at the recently refurbished Savoy Place in London.

The IoT market is still in its infancy and, as it grows, it opens all companies around the world to new security risks, as Agiliance’s Torsten George explains in a recent SecurityWeen column. According to an HP study, 70% of IoT devices are vulnerable to digital attacks.

Learn About IoT Security at the 2015 ICS Cyber Security Conference

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.