> What you need is the ability for consumers to replace the firmware.

> That solves the problem in three ways.

That alleviates the problem, but definitely doesn't solve it. Updates are still required, and most people will never update devices they don't directly interact with.

▲

wmf 10 hours ago | parent [-]

Auto-update obviously.

▲

macintux 10 hours ago | parent | next [-]

Which introduces new security risks, but more importantly, the consumer has to configure the device to use open source firmware, and set up auto updates, unless the device is being auto updated by the device manufacturer and forces all of their customers to switch to the new firmware, which seems very unlikely.

▲

kelnos 5 hours ago | parent | prev [-]

How? The device phones home to the manufacturer's servers to get new updates. Manufacturer goes out of business, servers get shut down. How does it know where to get updates now?

	▲	M95D 3 hours ago \| parent [-]
		> Manufacturer goes out of business, servers get shut down. Continue your chain of reasoning: DNS name becomes unmaintained, gets grabbed by open source / foundation / gov agency, pushes open source firmware update. Same thing happens today with botnet C&C servers.