Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Which is not a real issue in practice.

Are you serious? The number of IoT companies that make a product for a couple years and then go bust is enormous.

> It's like arguing that warranty doesn't matter because the vendor might go out of business.

How are you going to use a warranty from a company that no longer exists to get a security update for a product a million consumers still have?

 help



The typical IoT company not surviving the typical lifecycle of their products shows that IoT is a seriously dorked up idea. Anybody deploying them who values security should choose products that can be updated even after the vendor is gone.

> How are you going to use a warranty from a company that no longer exists to get a security update for a product a million consumers still have?

I was not talking about using warranty for this.

reply


> The typical IoT company not surviving the typical lifecycle of their products shows that IoT is a seriously dorked up idea. Anybody deploying them who values security should choose products that can be updated even after the vendor is gone.

But then many consumers value cost or other things over security, which is why you need all the devices to be able to be updated even after the vendor is gone.

> I was not talking about using warranty for this.

Then why are you talking about a warranty to begin with?

reply


> But then many consumers value cost or other things over security, which is why you need all the devices to be able to be updated even after the vendor is gone.

This is only possible if the firmware is replaceable. Along with a practical update mechanism it also requires the possibility to create an update package. That can be achieved by using open source components, but there might be other mechanisms. For example making provisions in case of bankruptcy.

> Then why are you talking about a warranty to begin with?

I was making a comparison with warranty law, which exists to ensure a certain minimum bar for quality and longevity of products. Which is usually desired, therefore legal provisions for updateability of hardware should also be required. Note that a firmware update might well become required within the warranty period.

This is by no means a new concern. IP cams, home routers, robot vacuums, and internet-enabled fridges exist for a long time already. The warranty period was never intended to cover "smart" devices. Maybe forcing an extension of the warranty period for such devices is enough to take care of the problem.

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: