In 2017, Dragos tracked 163 vulnerability advisories with an industrial control system (ICS) impact. Of these, the majority were vulnerabilities in insecure- by-design products which are typically deep within an ICS network.
Dragos found that public reports failed to adequately define the industrial impact of vulnerabilities. Coupled with the fact that most public vulnerability disclosures provide no alternative guidance beyond, “patch,” or “use secure networks,” Dragos sees huge room for improvement in public disclosure reports – improvement that it strives to make in its own reporting.
Click here for the full white paper.