Reply to post: whether and how quickly it will be patched

Stickers emerge as EU's weapon against dud IoT security

I am the liquor Silver badge

whether and how quickly it will be patched

It's something that could be baked into the standards behind the stickers. The sticker would tell you for how many years the manufacturer has committed to provide patches. (That could be a powerful market incentive - consumers aren't going to like shelling out good money on an appliance that has a sticker on the front telling them it'll be going in the bin after 3 years.) The standard would specify how promptly fixes for any CVE-logged vulnerability must be delivered during that support lifetime. If the manufacturer fails to meet the standard, they used the sticker improperly and get fined by the regulator. Add on mandatory requirements for source code escrow and a financial bond to fund maintenance if the company folds during the product's lifetime, and you could come up with a regulatory system that would improve IoT security in a useful way.

I mean I doubt they will, but they could.

Biting the hand that feeds IT © 1998–2021