Like any emerging and disruptive technology, multiple obstacles are slowing down the Internet of Things (IoT) expansion for instance, multiplicity of things’ standards, users’ reluctance and sometimes rejection due to privacy invasion, and limited IoT platform interoperability. IoT expansion is also accompanied by the widespread use of mobile apps supporting anywhere, anytime service provisioning to users. By analogy to vetting mobile apps, this paper addresses the lack of principles and techniques for vetting IoT devices (things) in preparation for their integration into mission-critical systems. Things have got vulnerabilities that should be discovered and assessed through proper device vetting. Unfortunately, this is not happening. Rather than sensing a nuclear turbines steam level, a thing could collect some sensitive data about the turbine without the knowledge of users and leak these data to third parties. This paper presents a guiding framework that defines the concepts of, principles of, and techniques for thing vetting as a pro-active response to potential things vulnerabilities.

像任何新兴的破坏性技术一样，多重障碍正在减慢物联网（IoT）的扩展速度，物联网标准的多样性，用户由于私密性入侵以及由于物联网平台互操作性有限而不愿接受和拒绝的情况。物联网的扩展还伴随着移动应用程序的广泛使用，支持随时随地为用户提供服务。类似于审核移动应用程序，本白皮书解决了缺乏对物联网设备（事物）进行审核以准备将其集成到关键任务系统中的原则和技术。事情已经存在漏洞，应该通过适当的设备审查来发现和评估漏洞。不幸的是，这没有发生。与其检测核电的蒸汽水平，一件事可能会在用户不知情的情况下收集一些有关涡轮机的敏感数据，并将这些数据泄漏给第三方。本文提出了一个指导框架，该框架定义了事物审核的概念，原理和技术，作为对潜在事物漏洞的主动响应。