Security Vulnerability Contact Information

The IoT Security Foundation takes security issues extremely seriously and welcomes feedback from security researchers in order to improve the security of its services. We operate a policy of coordinated disclosure for dealing with reports of security vulnerabilities and issues.

To privately report a suspected security issue us, please send an email to security-alert@iotsecurityfoundation.org, giving as much detail as you can. We will respond to you as soon as possible. If the suspected security issue is confirmed, we will then come back to you with an estimate of how long the issue will take to fix. Once the fix is available, we will notify you and recognise your efforts on this page.

Acceptable Research

Whilst we encourage investigation of potential security vulnerabilities, we cannot condone any activities which might interfere with legitimate users or which might contravene applicable computer misuse and data protection legislation. For that reason, the following activities are prohibited:

  • Modification or destruction of data
  • Interruption or degradation of services, for example Denial of Service attacks
  • Disclosure of personal, proprietary or financial information

Thank You

Credit to the people who have helped make our services more secure by making a coordinated disclosure with us will appear here with consent.

NOTE: It is vitally important that IoT businesses have a visible channel for researchers and stakeholders to report product and service vulnerabilities.

If you do not yet have a process for vulnerability disclosure you should plan to implement one at your earliest convenience.