[ircshotty]

This seems like a good thing in theory... but if it's all all successful, where goes the inventive for manufacturers to be more careful about their code?

Why should they make secure code if it's just going to be fixed for them?

Also, where's the incentive for lawmakers to regulate IoT security if less people are affected?

[csydas]

I think the general idea is more "they're not fixing it and there is no incentive, and while we wait and see if there is, botnets are spinning up huge DDoS attacks on demand, plus much much more."

The vigilante concept implies some known disregard or dismissal for the current law/powers that be for whatever reason the vigilante is motivated by. Add in the vast number of products made in jurisdictions where regulations aren't well enforced or can be circumvented easily, and soon it starts to look a bit dire to wait for the proper authorities to work.

I don't really know what to think about the Hajime botnet, but their motives are pretty easily understood.

[noobiemcfoob]

But they are fixing it. And there is incentive. People are just upset that it isn't happening faster, so they clamor for more incentive. IoT is a new born baby in an industrial filled with 3 year olds. I guarantee in 100 years, we all will seem bumpkins developing the WORST ideas of security.