Featured Article from Software Licensing
The FTC's Infeasible IoT Software Security Challenge
As more “smart” devices show up in our households and workplaces, there’s no question that things are getting smarter. There’s also no question that these devices are a prime opportunity for hackers looking for financial gain or simply to cause mayhem.
In an effort to find a solution, the Federal Trade Commission (FTC (News - Alert)) recently announced a crowdsourced challenge for developers to create a security tool – either a physical device or a cloud-based solution -- that can detect known vulnerabilities in devices. The IoT Home Inspector Challenge will award a cash prize of up to $25,000 for the best technical solution, with up to $3,000 available for three honorable mentions. (Recall that the FTC did the same thing in 2013 to encourage the development of solutions to block unwanted robocalls. The winning solution, NoMoRobo, has been quite successful and to date has blocked 187 million unwanted automated marketing calls.)
Whether the new challenge will be as successful as NoMoRobo, however, is unknown. Experts have weighed in on the challenge and noted that it’s going to be difficult for developers to meet the challenge and find one solution that will work across all device vendors. Flexera’s vice president of product management, Mathieu Baissac, told Software Development Times that it should be up to the IoT device or solution makers to let users know when there are defects, since buyers may have neither the time or knowledge to know when their devices need to be updated. Instead, IoT providers should be sending users automated and secure patches.
“They need to, or they should, consider penetration testing,” he said. “You say, ‘I’ll hire a hacker or a hacker-like person who will try to attack my device and make sure it’s bulletproof.’ The other thing that we want to do is if there are any open-source components, [you need to] make sure you know what the components are and make sure you stay on top of any security vulnerabilities in those components.”
It's also the responsibility of device and solution makers to ensure they are securing their products properly. Often, software vendors don’t write their own communication package, so many vendors have OpenSSL or something equivalent, said Baissac.
“It’s important that they keep track of those components so they are not hacked,” he told SD Times’ Madison Moore.
Consumers and businesses should avoid buying IoT devices that cannot “call home” to determine if they have the latest security update, and vendors need to ensure there are no security holes in their products by pushing updates from devices remotely.
Edited by Maurice Nagle
See For Yourself Why So Many Trust Flexera Software Solutions
Featured White Papers / eBooks
Report: Software Licensing 2016: Seismic Shifts - Shaky Foundations
Key Trends in Software Pricing & Licensing Survey - 2016 Report...
eBook: How Can You Monetize the Internet of Things?
This eBook provides 5 tips for leveraging your intelligent devices and apps to gain higher revenues, competitive advantages and lower costs as well as discusses software monetization and licensing use cases and success stories...
eBook: 10 Reasons to Buy a Purpose-built Software Monetization Solution
Read this eBook that arms you with 10 reasons to buy - and not build - that can be used to develop the business case for leveraging a commercial Software Monetization solution...
eBook: How Do I Transform My Hardware Business and Supply Chain Processes to Support a Software Business?
This eBook discusses the hardware to software shift, the changing business requirements for successfully managing a software business and provides guidance on next steps...
Featured Press Release
New Flexera Software/IDC Report: The Internet of Things, Intelligent Devices and Software Monetization Are Propelling the Third Industrial Revolution
A new survey report, The Third Industrial Revolution: Intelligent Devices, Software, and the Internet of Things, prepared jointly by Flexera Software and IDC, provides unique insights into how the third industrial revolution sweeping the global economy is being fueled by device manufacturers...
Featured Success Stories
- Siemens Building Technologies: Streamlines Inventory and Reduces Cycle Times with Flexera Software FlexNet Producer Suite