Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> I’ve advocated for the FCC to require device manufacturers to support their devices with security updates for a reasonable amount of time [1].

No offense intended, but I would be worried about this more than I would be worried about the current state of the IoT world. A blanket requirement would punish hobbyists and small companies prototyping new technologies. But big players could spend relatively minor technical and legal resources for publishing regular "security updates" without trying to find and close the biggest security holes.

I would prefer that FCC works to inform: maintain an up-to-date database of issues (reported by both the manufacturers and by third-parties), impacts and recommended fixes for those that have a fix. My 2c.



None taken, of course. Several people in this thread have made this point, and it's a very reasonable one.

The current framework is 100% voluntary for what amounts to a marketing label. There are non-FCC government databases for issue reporting, and a commitment to reporting to such DBs could be part of what earns you a higher label. Would be great to see commentary on this point from the tech public.


> I would prefer that FCC works to inform: maintain an up-to-date database of issues (reported by both the manufacturers and by third-parties), impacts and recommended fixes for those that have a fix. My 2c.

How would that help 99.99% of consumers? They are not going to look in databases, understand the issue, and apply fixes.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: