Initiative spots 20 ICT security risks
Initiative spots 20 ICT security risks
https://www.taipeitimes.com/News/taiwan/archives/2026/04/28/2003856373
Publish Date: 2026-04-27 12:00:00
Source Domain: www.taipeitimes.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
SAFETY:
Simulating the perspective of attackers, researchers enabled businesses to identify potential issues before product launches, the cybersecurity institute said
By Shelley Shan / Staff reporter, with CNA
The Administration for Cybersecurity said it identified vulnerabilities in 20 Taiwan-made information and communications technology (ICT) products before their official launch. The National Institute of Cybersecurity, which executed the administration’s initiative, said that it invited 179 cybersecurity researchers to test 20 products manufactured by 11 leading domestic ICT companies. Twenty valid cybersecurity loopholes were identified, including three that were rated as severe and six rated as high-risk, it said.
Photo: Chiu Chiao-chen, Taipei Times
As the EU’s Cyber Resilience Act and other international regulations would soon be implemented, reinforcing cybersecurity of Taiwanese products and establishing trust in the nation’s supply chain has become crucial, Administration for Cybersecurity Director-General Tsai Fu-lung (蔡福隆) told a news conference in Taipei. The initiative would run for the second time in September, making more ICT companies aware of the importance of cybersecurity, and allowing the government and the private sector to procure products from a safe environment, Tsai said.
Among the vulnerabilities discovered during the initiative, some components used weak passwords, which could allow unauthorized access to files, the institute said. Other issues were caused by insufficient validation of input parameters, leading to risks such as command injection, it said. Out of 179 participating researchers, 25 submitted vulnerability reports, it said. Simulating the perspective of attackers, researchers enabled businesses to identify potential issues before their products reached the market, the institute said. Businesses have applied for and obtained six common vulnerability and exposure identifiers, the institute said, adding that it would continue to monitor follow-up developments. Product manufacturers and cybersecurity researchers affirmed the overall operation of the initiative, with the latter suggesting that more clearly defined testing scopes and evaluation criteria could help further improve the effectiveness of vulnerability discovery, it added.
