NIST calls for software vulnerability disclosure in 'baseline' guide for securing IoT devices against botnets

Device manufacturers should offer customers an inventory of known software vulnerabilities, the National Institute of Standards and Technology says in a draft guide on “baseline” security capabilities for the Internet of Things, issued to meet obligations flowing from a 2017 presidential order on strengthening the cybersecurity of federal networks and critical infrastructure.

NIST is hosting an Aug. 13 workshop to gather feedback on draft NISTIR 8259, which will be open for public comment through Sep. 30, the same day...