Open-Source Oversight: Security Gaps in IoT and OT Devices – BankInfoSecurity.com

1 minute, 13 seconds Read

Black Hat
,
Events
,
Governance & Risk Management

Dashevskyi and La Spina of Forescout Technologies on IoT and OT Security Practices

Francesco La Spina and Stanislav Dashevskyi, security researchers, Forescout Technologies

IoT and OT devices have been susceptible to cyberthreats due to factors such as widespread deployment, their critical role as potential entry points for attackers, and challenges in overseeing vulnerabilities and implementing patches owing to constrained computing capabilities.

See Also: 10 Belt-Tightening Tips for CISOs to Weather the Downturn

Previous studies on IoT and OT devices have primarily focused on internal components, neglecting open-source components that are crucial for network connectivity, according to Stanislav Dashevskyi and Francesco La Spina, security researchers at Forescout Technologies.

Dashevskyi delved into “Project Memoria,” which focuses on analyzing TCP/IP stacks and the prevalence of bugs in them due to lack of scrutiny.

In this video interview with Information Security Media Group at Black Hat Europe 2023, Dashevskyi and La Spina also discussed:

  • The challenges in updating open-source components;
  • The need for software bill of materials or SBOM approach for better transparency in component enumeration;
  • The importance of a robust software development life cycle and security testing.

Dashevskyi’s research interests include open-source software, software security and vulnerability analysis.

La Spina began his career as a software engineer with a focus on IT/IoT security gateway development, honing his expertise in crafting robust security solutions for digital infrastructures. He also gained invaluable experience in fortifying networks against potential threats.

author

Any Streams

AI Enabled Business & IT Automation

Similar Posts