Quectel Wireless Solutions announced that extensive testing by Finite State shows that Quectel?s products substantially exceed industry standards and best practices in multiple security measures. Quectel engaged Finite State, a third-party expert security firm focused on managing software supply chain risk for the enterprise, to rigorously test Quectel?s IoT modules to demonstrate Quectel?s commitment to transparent, verifiable product security. The first progress report released to Quectel concludes that its modules?

security score, as reflected in Finite State's risk profiling, started strong when testing began earlier this year and got stronger rapidly as Quectel implemented Finite State?s recommendations. The score improved across the modules tested from an average of 62 to 24 with the high possible score being 10. The report underlines that this is a significant improvement in Quectel?s security posture with both the initial and current scores far exceeding the industry average score of 98.

In addition to penetration testing of its key modules, Quectel announced the release of Software Bill of Materials (SBOM) and Vulnerability Exploitability Exchange (VEX) documents for its IoT modules. As an industry-first among IoT module manufacturers, these resources will be made available through the Quectel website. The SBOM and VEX documents will assist customers in this crucial task by providing machine-readable, comprehensive data.

The SBOM documents will detail the software components and dependencies within each IoT module, along with licensing and provenance information. The VEX files will provide updated data on the vulnerabilities identified and their status. Providing SBOM and VEX documents has a cascading effect on the entire IoT ecosystem.

As a Module provider, Quectel is integral to the architecture of numerous IoT devices. The transparency and commitment to security will benefit all IoT products built on Quectel?s platforms. Separately, Quectel reiterated that its modules maintain the high standards of data protection and security. ?Quectel customers own and control all of the data collected by its modules.

Quectel retained Finite State in May 2023 to audit and penetration-test the security of its modules. Its ongoing work includes rigorous security testing, improved software supply chain visibility, and comprehensive software risk management.