Case Study on Product Security and Vulnerability Management in Media
Metadata
- Publisher
- SMPTE — Hollywood, CA
- Doc Type
- Conference Paper
- Content Type
- Original Research
- Volume
- 00, pp. 1–18
- Abstract
- Ensuring the security of media, in particular public service media, is of vital importance in maintaining public trust in the veracity of information. However, the transition to IP has opened up previously isolated media systems to direct and indirect attacks. All members of the media industry must adapt, but we will show the industry is struggling to do so. In 48 different security assessments of commercially available media systems, we found almost half of them contain at least one critical or high-severity security vulnerability. While working with the affected vendors to solve the issues, we were able to document the industry's current vulnerability management practices. Firstly, only 6 out of 32 vendors have a publicly advertised method for reporting security vulnerabilities to them. Secondly, only 3 of the 11 vulnerabilities that have been fixed by the time of writing this paper have been publicly and transparently disclosed. In other cases, the fix was included in the new release silently or only vaguely mentioned in release notes. We conclude that the media industry is not yet sufficiently committed to security and has a lot to learn from the IT industry where vulnerability reporting, coordinated vulnerability disclosure and frequent security updates are well-established.
- Publication Date
- 2024-10-21
- DOI
10.5594/MOO/3017- ISBN
[object Object]- Link
- https://doi.org/10.5594/MOO/3017
- Author(s)
- Milan DuricLucille VerbaereGerben DierickJakob Pfister
- Keyword(s)
- Product Security, Security Testing, Vulnerability Management, Vulnerability Disclosure, CVE, CNA
- Copyright
- © 2024 SMPTE
Source Data (JSON)
Full registry record with provenance metadata. Open directly: /api/doc/10.5594-MOO-3017.json
Reference this Doc
Plain text (ISO 690 compliant)
Preview:
Milan Duric, Lucille Verbaere, Gerben Dierick, and Jakob Pfister; Case Study on Product Security and Vulnerability Management in Media, MTS 2024, Article 17 (pp. 1 to 18); SMPTE, 2024, ISBN: [object Object]. Available at https://doi.org/10.5594/MOO/3017
Snippet:
Milan Duric, Lucille Verbaere, Gerben Dierick, and Jakob Pfister; Case Study on Product Security and Vulnerability Management in Media, MTS 2024, Article 17 (pp. 1 to 18); SMPTE, 2024, ISBN: [object Object]. Available at https://doi.org/10.5594/MOO/3017
HTML (ISO 690 compliant)
Preview:
Milan Duric, Lucille Verbaere, Gerben Dierick, and Jakob Pfister; Case Study on Product Security and Vulnerability Management in Media, MTS 2024, Article 17 (pp. 1 to 18); SMPTE, 2024, ISBN: [object Object]. Available at https://doi.org/10.5594/MOO/3017
Snippet:
<span class="citation">Milan Duric, Lucille Verbaere, Gerben Dierick, and Jakob Pfister; <cite>Case Study on Product Security and Vulnerability Management in Media</cite>, MTS 2024, Article 17 (pp. 1 to 18); SMPTE, 2024, ISBN: [object Object]. Available at <a href="https://doi.org/10.5594/MOO/3017" target="_blank" rel="noopener">https://doi.org/10.5594/MOO/3017</a></span>
SMPTE's HTML Pub
Preview:
Milan Duric, Lucille Verbaere, Gerben Dierick, and Jakob Pfister; Case Study on Product Security and Vulnerability Management in Media, MTS 2024, Article 17 (pp. 1 to 18); SMPTE, 2024, ISBN: [object Object]
doi: 10.5594/MOO/3017
url: https://doi.org/10.5594/MOO/3017
doi: 10.5594/MOO/3017
url: https://doi.org/10.5594/MOO/3017
Snippet:
<li> Milan Duric, Lucille Verbaere, Gerben Dierick, and Jakob Pfister; <cite id="bib-10-5594-moo-3017">Case Study on Product Security and Vulnerability Management in Media</cite>, MTS 2024, Article 17 (pp. 1 to 18); SMPTE, 2024, ISBN: [object Object] <span class="doi">10.5594/MOO/3017</span> </li>