Finite State
Software Supply Chain Security

IoT Security Is Improving—but Risk Is Still Growing

Despite real progress, the rapid growth of devices and threats is outpacing the industry’s ability to secure them. In this clip, Robert Kelley reflects on the current state of IoT security, highlighting meaningful progress and persistent risks.

September 12, 2025 • 1:49

Transcript

In my opinion, IoT security is definitely getting better. As I mentioned before, we are swimming, but the water level is rising, and sometimes faster than people can swim. We're seeing manufacturers adopt secure boot and for signing updates and integrate SBOMs now that it is specifically mandated. But we're seeing people actively make efforts where they once didn't need to or didn't think they needed to. So wake-up calls like regulations like EU RED, CRA, Radio Equipment Directive are forcing security earlier into the development cycle. And that is great news. But the threat landscape, you know, especially with the proliferation of AI, is moving faster than the industry is adapting, in my opinion. IoT supply chains are still pretty opaque and update infrastructure is brittle, sometimes very unenforced. And secure design is still often far deprioritized in favor of speed to the market. Everyone needs to be the next best thing. Everyone needs their device to be faster. It needs to be more efficient, but at the cost of not thinking of all of the repercussions of those efforts. So, in addition, the number of connected devices is exploding. And every new device is another node of risk because, again, an IoT device is not an isolated product. It is part of a greater ecosystem of devices that may be nowhere near as secure as the ones you're trying to do. So while awareness is up and tooling is improving, the net exposure is still growing.