Category: Connected Cars

Incentive Policy for Coordinated Vulnerability Disclosure

Assessment

For the past ten years or so, organizations have been trying to implement operational policies to avoid “Full Disclosure” reports or “Open Bug Bounty”, whose methods leave much to be desired in terms of honesty and responsibility.

Speaking of responsibility, you may be familiar with the notion of “Responsible Disclosure” and wonder how it differs from the concept of Coordinated Vulnerability Disclosure.

The concept of responsible disclosure has too often been at the root of endless discussions:

On the one hand, vendors denounce: “Disclosing a vulnerability without providing patches is not responsible”.
On the other, security researchers say: “Not fixing this vulnerability as quickly as possible is not responsible”.

During the precious time both sides spend arguing, the system concerned is at the opponent’s mercy.

To move towards greater efficiency and get out of sterile debates, it is therefore important to avoid speaking of “responsible disclosure”. This is why many organizations advocate the concept of “Coordinated Vulnerability Disclosure” (CVD), in order to promote and strengthen cooperation between the various actors in cybersecurity, all of whom have a common goal: making the Internet safer.

Coordinated Vulnerability Disclosure


The Internet of Elevators, of Cars, of Weapons!

Have you ever watched The Lift? It is a Dutch horror movie by director Dick Maas about an intelligent (or smart?) and murderous elevator that starts a killing spree. (Source: Wikipedia)

Scary, isn’t it?

Beyond fiction, the film “The Lift” aimed at questioning technology: systems you cannot regain control over.

Nowadays, we are told about the benefits of design thinking and the Internet of Things, and their tremendous power in terms of digital and economic development… Oh wait.

Unfortunately, the Internet of Things is driven by ravenous marketing hyenas, and very few IoT companies are inspired by what we could call Security Design Thinking.

Today, within the Internet of Things, the auto industry has to struggle to keep itself from being hacked, both by criminals and by its own blind appetite for the market at the expense of its duty in the field of security.

Imagine the antithesis of the legendary film “Rebel Without a Cause”, where the hero no longer drives a car as a symbol of freedom but is the prisoner of a runaway wagon.

The revelations concerning the recent fraud on the part of Volkswagen – by the way, VW is not an isolated case – highlighted what is at stake in terms of security in the fabulous world of the Internet of Cars.

Before reaching the point of no return, car companies and end users should deeply consider the following thoughts:
