Open-Source Oversight: Security Gaps in IoT and OT Devices
Dashevskyi and La Spina of Forescout Technologies on IoT and OT Security Practices
IoT and OT devices have been susceptible to cyberthreats due to factors such as widespread deployment, their critical role as potential entry points for attackers, and challenges in overseeing vulnerabilities and implementing patches owing to constrained computing capabilities.
Previous studies on IoT and OT devices have primarily focused on internal components, neglecting open-source components that are crucial for network connectivity, according to Stanislav Dashevskyi and Francesco La Spina, security researchers at Forescout Technologies.
Dashevskyi delved into "Project Memoria," which focuses on analyzing TCP/IP stacks and the prevalence of bugs in them due to lack of scrutiny.
In this video interview with Information Security Media Group at Black Hat Europe 2023, Dashevskyi and La Spina also discussed:
- The challenges in updating open-source components;
- The need for a software bill of materials, or SBOM, approach for better transparency in enumerating components;
- The importance of a robust software development life cycle and security testing.
Dashevskyi's research interests include open-source software, software security and vulnerability analysis.
La Spina began his career as a software engineer with a focus on IT/IoT security gateway development and honed his expertise in crafting robust security solutions for digital infrastructures. He also gained invaluable experience in fortifying networks against potential threats.