[Bartweiss]

> The healthy technology market will force IoT manufacturers to take security seriously.

What? It might force companies not to bleed user data, yeah - people got pretty upset about the dolls spying on their children. But "enabling a DDoS" is a textbook externality. It doesn't hurt the device buyers appreciably, most of them don't even know it's happening, but it causes lots of harm to someone who didn't contract with the company.

More broadly: do you see any evidence at all that the market is actually solving this? It's pleasant to say an efficient market would handle this, but the market we actually have is one where people sell broken products to customers who pay before the flaws are revealed, then move on to a new company name if their reputation gets bad enough. Add in overseas production so that you can't even sue if the seller violates a contract, and the real-world market isn't making any progress on this.