Car Manufacturer meets Security Community - Impressions from Germany's First Car BugHunting Event
One of the challenges of the growing IoT land-scape is that manufacturers of IoT devices have to secure their devices in a (for them) completely new way. While coffee machines, washing machines or even car manufacturers have a great expertise in development of their respective devices, this does not imply, that knowledge on how to secure IP-connected devices is given too. Therefore, different kinds of security testing approaches during the development process need to be introduced. Next to classic penetration testing, bug bounties and bug huntings become more and more popular in the last years - even though some of them have a less good reputation.
Within this talk Karsten and Kevin will share their experience in organizing the first bughunting event of a German car manufacturing company. The challenges, impressions and results will be shown and how this type of assessment could become an established standard for a secure development lifecycle in IoT related industries.