> On 23 Nov 2016, at 15:59, Juliusz Chroboczek <[email protected]> wrote: > >> IoT land [...] there is bit more hope > > Joke, right?
Do the Security Economics need thinking about here: what are the threats and who’s best placed to confirm that some set of computers and services are safe and working correctly, how are they incentivised to behave ‘correctly’? It would be possible to externalise this cost and say that it’s a legal or commercial issue. But wouldn’t it be sensible to at least state some security related assumptions, and maybe document an initial view of the threats and impacted stakeholders (e.g. to highlight risks to third parties that the likes of Mirai present)? _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
