Time Table

The number of reported vulnerabilities continues to increase annually, making it difficult for security professionals and product developers to determine which vulnerabilities should be prioritized for response. While the Common Vulnerability Scoring System (CVSS) is widely used as a standard metric for assessing vulnerability severity, it does not reflect whether the vulnerabilities are actively exploited in the wild. The Exploit Prediction Scoring System (EPSS) currently exists to predict exploitability of vulnerabilities. In our study, we analyzed attack data against Panasonic IoT products in our honeypots to identify vulnerabilities that are being actively exploited. Additionally, we collected OSINT-based data on vulnerabilities targeted by IoT malware. By extracting and comparing the CVSS parameters of these vulnerabilities, we report key characteristics of those that warrant higher prioritization for Panasonic.

Speakers:
Manabu Nakano（中野 学） Panasonic Holdings Corporation Product Security Global Strategy Department Product Security Center General Manager
Kohei Taguchi（田口 航平）Panasonic Holdings Corporation Product Security Global Strategy Department Product Security Center Specialist