#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News

Real-Time Operating System | Breaking Cybersecurity News | The Hacker News

Category — Real-Time Operating System
Will the Small IoT Device OEM Survive?

Will the Small IoT Device OEM Survive?

Oct 07, 2024
After decades of frustration, downstream users are about to get laws and regulations passed to force upstream IoT manufacturers to produce more secure IoT devices. This seems like a good thing, however, we are about to see an enactment of how new laws and regulations work to the advantage of big companies and to the disadvantage of small companies, eventually driving the latter out of business. As presented by Ruchir Sharma in his excellent book [1] , regulations tend to favor large companies for two reasons: (1) large companies can afford the necessary resources to conform to the new laws and regulations and (2) large companies have the necessary resources to shape the new laws and regulations to favor themselves. Although these may be well-intentioned, initially, the eventual result is that smaller companies are forced out of business and only the large companies survive. Are we about to see this scenario play out for IoT device manufacturers? That is the subject of this paper. The
Patching vs. Isolating Vulnerabilities

Patching vs. Isolating Vulnerabilities

May 20, 2024
Patching and updating is pretty much baked-in to the thinking, standards, and coming legislation of the device security community. Yet  isolation via partitioning  is another viable approach for security, and it comes with many advantages. Patching The primary advantage of patching and updating known vulnerabilities is that the vulnerabilities are usually permanently fixed. Hence the fix is demonstrable for standard and legal compliance. Some problems with this approach are: Modern IoT device firmware has tens, hundreds, even thousands of components, and components routinely come with dozens of their own dependencies [1] . Finding vulnerabilities in components of an SBOM is not an easy process. There are several databases, and component identification is not consistent [1] Achieving 100% complete and accurate SBOMs is still an elusive goal [1] . A high percentage of vulnerabilities in components are not exploitable [1] . Fixing non-exploitable vulnerabilities is, of course, a w
Cybersecurity Resources