Black Hat , Events , Governance & Risk Management

Open-Source Oversight: Security Gaps in IoT and OT Devices

Dashevskyi and La Spina of Forescout Technologies on IoT and OT Security Practices
Francesco La Spina and Stanislav Dashevskyi, security researchers, Forescout Technologies

IoT and OT devices have been susceptible to cyberthreats due to factors such as widespread deployment, their critical role as potential entry points for attackers, and challenges in overseeing vulnerabilities and implementing patches owing to constrained computing capabilities.

See Also: Make Zero Trust Happen

Previous studies on IoT and OT devices have primarily focused on internal components, neglecting open-source components that are crucial for network connectivity, according to Stanislav Dashevskyi and Francesco La Spina, security researchers at Forescout Technologies.

Dashevskyi delved into "Project Memoria," which focuses on analyzing TCP/IP stacks and the prevalence of bugs in them due to lack of scrutiny.

In this video interview with Information Security Media Group at Black Hat Europe 2023, Dashevskyi and La Spina also discussed:

  • The challenges in updating open-source components;
  • The need for a software bill of materials or SBOM approach for better transparency in enumerating components;
  • The importance of a robust software development life cycle and security testing.

Dashevskyi's research interests include open-source software, software security and vulnerability analysis.

La Spina began his career as a software engineer with a focus on IT/IoT security gateway development and honed his expertise in crafting robust security solutions for digital infrastructures. He also gained invaluable experience in fortifying networks against potential threats.

About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.