Only 27.1% of suppliers have a vulnerability disclosure policy, indicating that IoT companies are only slowly improving the process through which security researchers may disclose security flaws. Based on the most recent annual report from the IoT Security Foundation (IoTSF), the statistic compares to the 9.7% of IoT (Internet of Things) suppliers that were reported to have a disclosure policy in the 2018 edition of the same survey. The IoTSF’s IoT Security Assurance Framework is only one of 30 cybersecurity advisory projects that strongly advocate vulnerability management as the cornerstone of linked device security. Vendors run the risk of violating recently passed UK legislation if they fail to follow best practice directives. Straightforward reporting of security vulnerabilities is vital for security lifecycle maintenance.