1 comment

[ 3.5 ms ] story [ 12.9 ms ] thread
If you already don't like the idea of assigning Final Goods Assembler liability to operators of major open-source repositories, I suggest skipping to 'How To Fix The Problem' (of security vulnerabilities in end-user software, especially in IoT devices).

Personally I like the idea of a UL-style or CE-style label at least for IoT devices that asserts that the devices will be automatically updated with cryptographically-certified patches for ~5 years. Then you can manually disable the updates, you just take responsibility for the security of the device.