[mgulick]

Computer security is hard, and I think a "security label" would give a false sense of safety. Requiring manufacturers to respond to critical security vulnerabilities for a given period of time sounds like a good idea, but such rules often have unintended side-effects (like impacting startups, who maybe couldn't afford the certification or can't guarantee long term support). What we really need is local-only device access, so that I can firewall a device off completely from the internet, and still make full use of it with a local controller like home assistant. Locking down devices with the threat of DMCA violations to reverse-engineers actively reduces device security, and takes away my ability to fix devices myself.

This overall strikes me as much lower priority than the currently ongoing ATSC 3.0 DRM doom. Please please please do something about this nightmare that broadcasters are imposing on the public. Don't let broadcasters take away my ability to watch live TV without an internet connection (resulting in a complete emergency broadcast system failure?). Don't let broadcasters take away my ability to record/time-shift live TV using software-based DVRs (e.g. Plex, Jellyfin), which could never possibly meet the "Nextgen TV" certification requirements!