by lmm 3984 days ago
People, and businesses, respond to incentives. The company probably did the economically rational thing here - the money they make from their remote-access features is more than the money they will lose for the insecurity.

Companies in industries that need to, find ways to make secure software; it's not a hard problem if you're willing to throw enough money at it. But as long as customers don't care whether their products or data are secure, we'll get the security we pay for.

People do care if it makes the news. But the current official ways of doing the testing don't make the news, and testing that is newsworthy gets the cops called on you. How convenient that testing a security flaw is viewed as more negligent than allowing them in the first place as a cost-saving measure.

Allowing the flaw was negligent. This test was reckless. The law treats knowingly ignoring a risk as worse than unknowingly allowing one.

Unknowingly allowing a risk is a very generous way to describe policies that cut costs by increasing the chance of these risks. The ones who are endangering a small number of people to try to overall increase safety are currently looking at far more legal harm than those who endangered magnitudes more people for the sake of making more money. Don't attribute to stupidity what can be explained by amoral greed.