Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
What do you mean, “Patch”?
A shared vision of IoT Security Updates
1
Allan Friedman, PhD Director of Cybersecurity Initiatives, National Telecommunications
and Information Administration, US Department of Commerce
tl;dr
The Department of Commerce is convening an open and consensus-driven multistakeholder process to develop a shared vision of security updates for consumer IoT. We need your help.
2
4
7
8
9
10
Vulnerability Disclosure
13
14
“Just build things securely!”
15
16
17
Why Patching?
18
19
20
21
22
23
“Consumer”
24
Capabilities
Technical Capabilities
Patching Expectati
ons
Patching Potential
Minimum Technical
Capabilities
For given technical capabilities, what type of patching/updating is
possible?
For given aspects of the patching process, what technical features
are necessary?
Standards
26
Communication & Transparency
27
Incentives and Barriers
28
Bullets!
• Goal: shared vision of patching, and a plan to promote this vision.
• Voluntary, community-driven, international. • Cross-sector and inter-disciplinary. • Both technical and policy aspects. • We need your help!
29
How you can help
• Talk to me - [email protected] – What are we doing wrong? – How can we do things better?
• Tell your colleagues. • Join the mailing lists and
working groups. Next meeting: April 26
30