Cargando…
Vulnerability management as compliance requirement in product security regulation—a game changer for producers’ liability and consequential improvement of the level of security in the Internet of Things?
The article outlines the European Union (EU) regulation of information technology (IT) security in Internet of Things products from a consumer and end user perspective. It starts with civil law and the necessity to address security requirements and specifications in individual contractual terms. Dat...
| Autor principal: | |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Springer Fachmedien Wiesbaden
2022
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9483465/ https://www.ncbi.nlm.nih.gov/pubmed/36819992 http://dx.doi.org/10.1365/s43439-022-00064-9 |
| _version_ | 1784791673797083136 |
|---|---|
| author | Dickmann, Roman |
| author_facet | Dickmann, Roman |
| author_sort | Dickmann, Roman |
| collection | PubMed |
| description | The article outlines the European Union (EU) regulation of information technology (IT) security in Internet of Things products from a consumer and end user perspective. It starts with civil law and the necessity to address security requirements and specifications in individual contractual terms. Data and consumer protection laws have not helped much, mainly because of missing definitions and levels of applicable security. Two new EU directives reforming the law of obligations may improve the situation for consumers since security is now a named quality requirement, especially for the sale of (digital) goods. Also introduced is the provision of security updates as a contractual duty. But both rule sets address only the traders, not the producers. This is different with the activation of clauses in the radio equipment directive, which sets IT security measures as requirements to be compliant for CE labeling. An important element is the introduction of a vulnerability management system. Details can be found in the draft of technical standard ETSI/EN 303645. The work concludes with a look at the EU’s efforts regarding certification schemes and the interaction of all regulation elements, with more liability for insecure products plus the hope for effectiveness. |
| format | Online Article Text |
| id | pubmed-9483465 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2022 |
| publisher | Springer Fachmedien Wiesbaden |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-94834652022-09-19 Vulnerability management as compliance requirement in product security regulation—a game changer for producers’ liability and consequential improvement of the level of security in the Internet of Things? Dickmann, Roman Int Cybersecur Law Rev Article The article outlines the European Union (EU) regulation of information technology (IT) security in Internet of Things products from a consumer and end user perspective. It starts with civil law and the necessity to address security requirements and specifications in individual contractual terms. Data and consumer protection laws have not helped much, mainly because of missing definitions and levels of applicable security. Two new EU directives reforming the law of obligations may improve the situation for consumers since security is now a named quality requirement, especially for the sale of (digital) goods. Also introduced is the provision of security updates as a contractual duty. But both rule sets address only the traders, not the producers. This is different with the activation of clauses in the radio equipment directive, which sets IT security measures as requirements to be compliant for CE labeling. An important element is the introduction of a vulnerability management system. Details can be found in the draft of technical standard ETSI/EN 303645. The work concludes with a look at the EU’s efforts regarding certification schemes and the interaction of all regulation elements, with more liability for insecure products plus the hope for effectiveness. Springer Fachmedien Wiesbaden 2022-09-16 2023 /pmc/articles/PMC9483465/ /pubmed/36819992 http://dx.doi.org/10.1365/s43439-022-00064-9 Text en © The Author(s), under exclusive licence to Springer Fachmedien Wiesbaden GmbH 2022, Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law. This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic. |
| spellingShingle | Article Dickmann, Roman Vulnerability management as compliance requirement in product security regulation—a game changer for producers’ liability and consequential improvement of the level of security in the Internet of Things? |
| title | Vulnerability management as compliance requirement in product security regulation—a game changer for producers’ liability and consequential improvement of the level of security in the Internet of Things? |
| title_full | Vulnerability management as compliance requirement in product security regulation—a game changer for producers’ liability and consequential improvement of the level of security in the Internet of Things? |
| title_fullStr | Vulnerability management as compliance requirement in product security regulation—a game changer for producers’ liability and consequential improvement of the level of security in the Internet of Things? |
| title_full_unstemmed | Vulnerability management as compliance requirement in product security regulation—a game changer for producers’ liability and consequential improvement of the level of security in the Internet of Things? |
| title_short | Vulnerability management as compliance requirement in product security regulation—a game changer for producers’ liability and consequential improvement of the level of security in the Internet of Things? |
| title_sort | vulnerability management as compliance requirement in product security regulation—a game changer for producers’ liability and consequential improvement of the level of security in the internet of things? |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9483465/ https://www.ncbi.nlm.nih.gov/pubmed/36819992 http://dx.doi.org/10.1365/s43439-022-00064-9 |
| work_keys_str_mv | AT dickmannroman vulnerabilitymanagementascompliancerequirementinproductsecurityregulationagamechangerforproducersliabilityandconsequentialimprovementofthelevelofsecurityintheinternetofthings |