IoT Vulnerability Disclosure Research

The State of Vulnerability Disclosure Policy (VDP) Usage in Global Consumer IoT in 2025

The IoT Security Foundation has published our annual report into the state of consumer IoT vulnerability disclosure. The study reviewed the practice of companies identified as selling IoT products for consumer and commercial uses such as appliances, routers, audio, smart home, lighting, mobile, tablets and laptops. This is the seventh published report in the series, plotting industry progress since 2018 with prior versions cited as evidence in global legislative, standards and regulatory processes. The annual research was carried out during the summer of 2025 by Copper Horse experts in mobile and IoT security.

The paper is available to download here – State of Vulnerability Disclosure Policy (VDP) Usage in Global Consumer IoT in 2025

Open Data is also available in open formats here. This data is openly licensed under CC BY 4.0:

2025 Data

CSV ODS JSON

2024 Data

CSV ODS JSON

2023 Second Edition Data

CSV ODS JSON

2023 Original Edition Data

CSV ODS JSON

2022 Data

CSV ODS JSON

Here are the links to the previous reports:

2024 report

The second edition of the 2023 report is available here, a small errata was added to address an oversight, referencing a missing vulnerability disclosure report for Dyson – 2023 Report Second Edition

Copper Horse specialises in tackling future security challenges across many domains and industries from AI, automotive, mobile and IoT. We provide a wide range of services including engineering solutions throughout the product lifecycle from requirements to product security investigations. We offer security training and have a huge range of consulting expertise to help in areas such as mobile telecoms and connected products security. If you have an interesting and complex security problem, we are here to help.