How can we improve IoT security?

I read an interesting article on securityweek.com by Lance Cottrell. I think that the following comment is spot on:

It is easy to vilify the IoT makers, but they are simply responding to the constraints and market realities in front of them. Moral persuasion will not meaningfully change their behavior. To get better IoT security, that needs to actually be a priority for the business, and that means changing the regulatory and liability landscape to make it so.

This applies not only to IoT makers. What about biomedical makers? What about manufacturers of computer software in general?

Takeaways

  • In the absence of regulation, you need to collaborate with your Legal, Risk Management and IT teams to encode your standards into the terms of legal contracts. These terms can be negotiated and exceptions granted (and monitored).
