by kabdib 3534 days ago
Security is a process. We might be able to browbeat (insert clueless-about-security manufacturer here) into making an investment in secure firmware. Maybe they'll even get it right. But our experience is that additional security holes are always found, even in software written by knowledgeable and motivated teams.

These devices need to have an update mechanism. The manufacturer needs to have an ongoing security effort, across their whole device line (probably a significant investment in development resources and process -- consider that right now, the firmware for a device is probably coming off of a firmware dev's laptop; I've seen this happen at a big company). And devices will have to be sunset, to control the ongoing cost. Consumers will love that.

I don't think we're doomed, exactly, but it's probably always going to be a problem. And there's probably a market for embedded firmware application layers that don't suck, for starters.