[EricMausler]

I was speaking towards probing the business not the things you own.

Using housing as a metaphor is common because it's an incredibly common thing people can relate to with personal experience, and is something people typically have relatively detailed intuitions built around what they are okay with and not okay with regarding it.

It got the point I was making across, but I do think there was a misunderstanding about what I was applying it to. I was referring to people who probe businesses security vulnerabilities on the internet side of IoT, not people who check for vulnerabilities in things they own on the T side of IoT.

As for the bar analogy, I agree that there is a lot of room for reasonable due diligence to test the security if there is potential for you to be at risk of its failings. This is more in line of my last paragraph, and I do still assert that solutions that avoid the need for people to verify security themselves should be preferable to one's that do.

If you've got 2 legally independent entities messing with the same device, and then abuse of the device does happen and it leads to damages - can you understand how much more difficult this becomes to sort out than if the company was solely responsible for the device?