With Commitment to Shared Responsibility for Safe and Secure IoT Deployments, PTC Discloses Remediation of Prior Vulnerabilities.
Following the recent announcement of its Coordinated Vulnerability Disclosure (CVD) Program, PTC today announced its ongoing collaboration with security researchers and its first disclosure, crediting SEC Consult, a global cyber and application security consultancy.
Together, PTC and SEC Consult identified and addressed three product security vulnerabilities in PTC’s ThingWorx® Industrial Innovation Platform.
Today’s announcement reaffirms the importance of PTC’s CVD Program, which supports the reporting and remediation of security vulnerabilities that could adversely affect the environments in which PTC products operate. Disclosure programs have been rolled out in many sectors over the past decade, but PTC is one of the first software companies to introduce a CVD Program to industrial and safety-critical industries.
PTC worked closely with SEC Consult to triage the vulnerabilities and coordinate PTC’s first disclosure – with an emphasis on public transparency and customer safety. In that context, ThingWorx customers have been provided ample notice and corrective actions for these three vulnerabilities, and can visit PTC’s eSupport Portal for additional information.
“The security of its products is paramount to PTC,” said Joshua Corman, SVP and chief security officer, PTC.
“We are pleased to share the early success of our CVD program, as the cybersecurity community and PTC came together and displayed commitment to safety. PTC’s CVD Program promotes the company’s thought leadership, builds trust industry-wide, and enables us to quickly mitigate and take action to help further secure our products and deployments. We thank SEC Consult for their professional management of this issue, and their focus on putting safety first throughout the project. PTC looks forward to continuing to work with them, as well as to building strong relationships with other research organizations as this program continues to grow.”
In its continued commitment to swiftly address security vulnerabilities and protect products and customer implementations, PTC encourages collaboration between customers, partners, and other parties as part of its Shared Responsibility Model. PTC also thanks the Computer Emergency Response Team / Coordination Center (CERT/CC) for its guidance during the launch of PTC’s Shared Responsibility Model and CVD Program.
“As one of the leading consultants in the field of cyber and application security, our team appreciates and respects collaborating with organizations that take a proactive approach to addressing vulnerabilities in their software, as displayed by PTC,” said Kelly Robertson, CEO, SEC Consult.
“The nature of this vulnerability, involving multiple parties and consisting of safety-critical implications, posed challenges, yet it was outstanding to work with such a professional company as PTC. PTC was transparent, professional, collaborative, communicative – and dedicated to the sector and committed to its customers. We expect that those who are using ThingWorx have taken advantage of the updates provided by the company and will operate with a focus on security moving forward. We also hope to continue working with PTC and its customers in the future.”