> What was this company doing in hiring an untrustworthy manufacturer to handle secure devices? That's playing a game you've lost from the start
You're assuming that there were feasible alternatives; from their comment below:
"wasn't our device. There was a big, reputable company behind the device. We were ordering a number of those and they would be shipped to us directly from China. ...
Also, we were basically locked in due to the magnitude of investment in the software we have developed for the device.
...
Fortunately this only lasted for few months until it was dealt with"
Business lesson to include a 'no China' if the hardware handles anything sensitive, with a large fee for violating it for the middle man servicing the contract.
You're assuming that there were feasible alternatives; from their comment below:
"wasn't our device. There was a big, reputable company behind the device. We were ordering a number of those and they would be shipped to us directly from China. ... Also, we were basically locked in due to the magnitude of investment in the software we have developed for the device. ... Fortunately this only lasted for few months until it was dealt with"