[chasil]

I propose that hardware manufacturers be forced to divulge admin methods and encryption keys to their products 6 months after their software updates end.

At least users can apply workarounds in that condition. As it stands, there are no options for the owner of the device.

[staticassertion]

This just shifts the burden to the users, I don't see this as a meaningful solution.

I think that there would probably need to be classifications of software.

Things like:

1) Is this infrastructure (routers, scada)

2) What level of user data is exposed to this software ? (unencrypted user data, credit card info, etc - we already do this to some extent)

3) What level of exposure exists? (NAT'd, routable, etc)

And then start imposing restrictions on software in those cases.

But this is very off-the-cuff, obviously it's far more complex than this. But someone needs to be responsible.