Ask HN: Can we solve device security without regulation?
As someone whose own startup's devices took longer to develop and ultimately failed in the market due in part to my deep concern for security and code quality (there were lots of other reasons), I welcome some kind of change in developer and manufacturer culture toward strong and effective security. But as we all know, the legal system's past track record is very poor when it comes to technology, and regulation or legislation can have unintended and burdensome consequences that might make it impossible for independent developers, contractors, or startups to enter the market ever again.
So now I have to ask, are there any behind-the-scenes efforts currently underway to draft and propose regulation or legislation that would address all security concerns and protect consumers, while keeping our industry as accessible to newcomers as possible? How can we make sure that if/when governments finally react to the security situation, it's done in a developer- as well as consumer-friendly way? Is there some kind of industry association alternative that could produce voluntary compliance with security best practices, without turning those best practices into a meaningless and ineffective CYA liability shield? Is there any way to make sure that attention is focused on the real issues, instead of placebos meant to appear to be "doing something", or worse, blanket ban all new classes of technology like IoT, cryptocurrencies, etc.?
3 comments
[ 4.0 ms ] story [ 18.2 ms ] threadWhen purchased, they can be configured to designate what is attached and then they would regularly connect to the filter service to get updated definitions.
For instance, the inline filter could be purchased to be placed in between a router and a smart TV hooked up via ethernet. Then the owner configures the filter and selects the exact TV manufacturer and model that is attached.
The filter device would then connect to the filter service on a regular basis to get the rulesets for that specific model of TV. The rulesets could filter incoming traffic, outgoing traffic, apply whitelists or blacklists, etc.
Basically, inexpensive device-specific firewalls.