Capturing relevant knowledge of device, software & systemic vulnerabilities for IoT ecosystems, to provide knowledge models, tools & techniques for semi-automated risk management of devices, components & systems, in order to provide trusted mechanisms to facilitate distributed sharing of testing, verification and security-related information.