by mschuster91
1820 days ago
> This is a problem. I don't know the solution, except that companies should really commit to LTS support of things no matter the sales targets. The EU and US could mandate that all products sold in the EU/US have their firmware source code, working toolchain as a virtual machine image and all relevant documentation (including SoC docs, BOM and schematics, as well as case and other parts' 3D specs and any digital certificates and private keys) be held in trust at the national public libraries. When the manufacturer ceases to support the device - including not fixing critical security bugs at 90 days post disclosure - the complete archive is released to the public as open source. Additionally, the US and EU could mandate that any Internet-connected device's firmware as well as its development process must pass an audit at certified organizations such as TÜV or UL. We're doing this for electrical and gas appliances already due to the risk these things pose to the general public; it's time to do the same for IT. Products developed as open source can be exempted from the audit requirement to incentivize open source development.

If you want to enjoy the public protections of IP, the public needs to get a copy of the source code and meaningful device access, upon whatever definition of unpatched software or device abandonment.
Obviously there's a lot to work out, but philosophically, I like the idea better than introducing new jurisdictions of regulatory power, especially when the relief sought should already be attainable under the public contract made in seeking government-enforced IP protection.