| ▲ | kachapopopow 9 hours ago |
| the problem is that these laws just make the problem bigger - instead of having to compromise 100 thousand routers they can just compromise a single update server from a vendor that doesn't care about security. the fallout is some companies losing their revenue: https://status.neoprotect.net/ and other headaches for people all over the world |
|
| ▲ | mmooss 5 hours ago | parent [-] |
| Or the law makes the problem smaller, by making the routers secure, and makes outcomes just, by penalizing the responsible companies. |
| |
| ▲ | kachapopopow 4 hours ago | parent [-] | | ok, let's redo this: instead of routers it's an IoT device. The router protects the IoT device from direct access so it is secure from majority of attack vectors - now an IoT device provider gets their server compromised and hundreds of thousands of IoT devices are now bots in a botnet due to the ability to forcefully push a security update. | | |
| ▲ | mmooss 4 hours ago | parent [-] | | I understand the risk, but the existance of risks doesn't mean they outweigh the benefits. Everything has risks. | | |
| ▲ | kachapopopow 3 hours ago | parent [-] | | I don't think it does outweigh the benefits, the real benefits would be punishing or/and banning vendors that do not secure their devices since using laws such as "timely updates" just promotes them to include sloppy (insecure) implementations for pushing said updates just to do bare minimum to comply with the law. relevant law here: EU Cyber Resilience Act (CRA). | | |
| ▲ | mmooss a minute ago | parent [-] | | > I don't think it does outweigh the benefits Fine, but that is the real discussion to have. Not 'it has this risk and therefore is bad'. |
|
|
|
|
