Following with our work on robot security ,  or  and through conversations with manufacturers, we noticed the lack of concern robot manufacturers have for security. Over the last weeks we’ve heard repeatedly things like:
- Manufacturer 1 (ROSCon 2018): “We know our robots have a set of reported vulnerabilities” “we leave solving those up to the end user”
- Manufacturer 2 (ROSCon 2018): “We do not care about security. Our robots do not have any security, we leave that up to the user”
- Manufacturer 3 (ROSCon 2018): “We don’t need bounties. We don’t have flaws”
Our conclusion is that there’s not enough awareness about the security topic in the robotics field likely, caused by the lack of official vulnerability reports for robot flaws. In an attempt to raise awareness we have created the Robot Vulnerability Disclosure Programs (RVDPs), an attempt to register and record robot vulnerabilities in a formal manner.
Programs are integrated into a single repository to facilitate management of reports. Vulnerabilities are community-contributed and participants get the chance to obtain public acknowledgement by submitting a vulnerability while providing prove of it.