- From: Jeffrey Walton <noloader@gmail.com>
- Date: Tue, 21 Oct 2014 21:06:38 -0400
- To: Chris Palmer <palmer@google.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
>>> if a device is only marketable if its price point is so low that it
>>> cannot be secure, perhaps it should disable itself after some
>>> reasonable life-time
>>>
>> -1
>>
>> Users will perceive it as planned obsolescence for business reasons, and
>> I wouldn't be surprised if producers treated it like that, too.
>
> Otherwise it's planned unsafety.
>
> Perhaps vendors could open source their abandonware.

Dan Geer posits the code should be seized and placed into open source.
From http://www.lawfareblog.com/2014/04/heartbleed-as-metaphor/:

Suppliers that refuse both field upgradability and open source access to their products should be said to be in a kind of default by abandonment. Abandonment of anything else of value in our world has a regime wrapped around it that eventually allocates the abandoned car, house, bank account, or child to someone new. All of the technical and procedural fixes to the monoculture problem need that kind of backstop, viz., if you abandon a code base in common use, it will be seized. That requires a kind of escrow we’ve never had in software and digital gizmos, but if we are to recover from the fragility we are building into our “digital life,” it is time...
Received on Wednesday, 22 October 2014 01:07:09 UTC