My master plan {cough}
1) Mandatory security testing befor a product is allowed on sale. This includes the policing of non-compliant imports from the usual suspects. All it needs is legislation and policing.(!)
2) Approved supplier then places money (and source code in escrow) with central patching organisation. So when the manufacturer conveniently ceases to trade the code can still be patched. Patches tested and distributed by central body. So patching and support outlives an individual hardware version or manufacturer/supplier.
3).......
4) Profit! Also, hopefully, more security in the IoT.
Oh, and if a firewall on a private network can identify and police port scanners then why do I see continuous port scanning from foreign IP addresses on my Broadband link?
The first step in all this IoT pawnage seems to be port scanning to identify vulnerable home systems.
Filter out the port scanners or at least slow the bastards down and you have taken most of the skiddies toys away.
Extrapolating this starts to get a bit Big Brother but if money isn't spent up front then the cost of slamming multiple stable doors is likely to be much higher.
Biting the hand that feeds IT
