Acuity Brands Adds Vulnerability ID and Response Program


Acuity Brands recently announced the formation of a Product Security Incident Response Team (PSIRT), which will supplement existing security programs by coordinating stakeholder interests regarding security concerns that potentially impact connected products and cloud-based infrastructure. All Acuity Brands products containing a software component in their use, maintenance or management will be serviced by PSIRT. Additionally, the team will manage the receipt, investigation and notification procedure with an extended group of collaborators which may include customers, consultants, security researchers, academic institutions and other vendors.

PSIRT reportedly will provide a proactive and centralized approach for security concerns arising from the increasingly digital market. This approach is designed to reduce the response time for releasing patches for security vulnerabilities and to improve the security posture of Acuity Brands technology-based products and services.

Product Security Incident Response Process to be applied in part or entirety, depending upon team discretion.

  • Awareness:  information is received regarding a potential security vulnerability
  • Triage: the report is validated, prioritized, and resources identified
  • Analysis:  impact assessment is conducted, and remediation plan developed
  • Coordination: all collaborators are made aware of the timelines
  • Remediation: fixes are released, and cloud-based services are updated
  • Notification:  affected customers are notified
  • Feedback:  post-remediation activities are performed

“To continually improve our best practices, Acuity Brands has joined the Forum of Incident Response and Security Teams (FIRST), which fosters cooperation and coordination in incident prevention, stimulates rapid reaction to incidents, and promotes information sharing among members and the community at large,” said Mark-David McLaughlin, Director, Security and Risk Management, Acuity Brands Lighting. “FIRST’s documentation and the ISO 30111 standard were used as references for the development of the PSIRT program.”

PSIRT will be focused on, but not limited to, the products sold under the following brands: AtriusTM, Dark To Light (DTL), DGLogik, Distech Controls, eldoLED, Fresco, Holophane, IOTA, Lucid, LC&D, nLight, nLight AIR, ROAM, Sensor Switch, Synergy, and XPoint Wireless. Integral to this effort is an enhanced customer communication strategy that includes security bulletins and a dedicated contact.

Ken Briodagh is a writer and editor with more than a decade of experience under his belt. He is in love with technology and if he had his druthers would beta test everything from shoe phones to flying cars.

Edited by Ken Briodagh

Editorial Director

Related Articles

Dell EMC and Nokia Team Up on Digital City Project for Semi-Autonomous Barges in Delft

By: Ken Briodagh    11/15/2018

Public-private initiative aims to alleviate city center truck congestion, reduce carbon emissions using fuel cell and IoT technologies

Read More

IoT Time Podcast S.3 Ep.42 ID R&D

By: Ken Briodagh    11/14/2018

On this episode of IoT Time Podcast, Ken Briodagh sits down with Alexey Khitrov, president, ID R&D, to talk about biometrics, IoT, AI, anti-spoofing.

Read More

IBM Names Their Finalists and Winner of the "Call for Code"

By: Chrissie Cluney    11/14/2018

IBM has named the finalists and crowned the ultimate winner of its Call for Code Global Initiative.

Read More

New Research Unveils Corporate Losses from IoT Security Missteps

By: Ken Briodagh    11/14/2018

DigiCert's 2018 State of IoT survey reveals security as the top concern as IoT takes center stage with 92 percent of companies saying it will be extre…

Read More

Sectigo Names Jason Soroko Chief Technology Officer of IoT

By: Ken Briodagh    11/14/2018

Sectigo, a commercial Certificate Authority and web security solutions provider, has named Jason Soroko as the company's chief technology officer of I…

Read More