I wonder if this new freedom to do security research can help us discover vulnerabilities in our IoT devices before they're used in another massive DDoS.
The vulnerabilities in IP cameras and routers were publicly known long before the latest massive DDOS. But the manufacturers and users of those devices did not care, and they still don't.