The U.S. Federal Trade Commission has brought legal action against vendors for not having sufficient vulnerability response capabilities. In its complaint against ASUS \[106\], the FTC cites the company's failure to

_maintain an adequate process for receiving and addressing security vulnerability reports from third parties such as security researchers and academics; … perform sufficient analysis of reported vulnerabilities in order to correct or mitigate all reasonably detectable instances of a reported vulnerability, such as those elsewhere in the software or in future releases; and … provide adequate notice to consumers regarding (i) known vulnerabilities or security risks, (ii) steps that consumers could take to mitigate such vulnerabilities or risks, and (iii) the availability of software updates that would correct or mitigate the vulnerabilities or risks._

Similar complaints have been included in FTC filings against HTC America \[107\] and Fandango \[108\].
