[nradov]

Could the market failure be addressed through private class action suits against manufacturers of insecure IoT devices?

[gamegod]

And what about software developers? Should we be suing the kernel developers for leaving that privilege escalation bug in for 9 years?

[woah]

Don't open source license all include disclaimers?

[speedplane]

Nope. Many of these compromised routers and webcams are not based on U.S. soil, so they're outside of U.S. jurisdiction. But even if some enterprising lawyer could attach a legal claim to them, most of these guys are tiny, and while you could easily sue some individual companies out of existence, it would not have much impact on the broader problem.

[dredmorbius]

That's probably too distributed a set. You'd have to hit the device manufacturers (say, ARM or Intel), or vendors (Amazon). Hold them liable for problems.

Hit the distribution channel and I suspect you'll see a rapid increase in accountability and security measures.