Many people are under the impression that telling a vendor about a cyber security flaw in software or a device is at best pointless and at worst a reckless invitation for hackers to exploit it. That’s why we at Xantrion were so interested in this cyber security pro’s story about spotting and reporting a security problem in an IoT device — a wireless webcam that the researcher discovered he could theoretically take over and use to get live access to other webcam owners’ cameras. The vendor responded to his report in just four days and had a patch and customer alert ready to go in a month.
While not every vendor responds as quickly, the details of this story show that reporting flaws is usually a win-win: the vendor gets to improve its products, and the security researcher gets to educate the public and boost network security. That’s why Xantrion stays up to date on the latest vulnerabilities, and participates by reporting any vulnerabilities we find.