> If we want security standards, they need to be legislated democratically and applied to all devices -- not left up to consumer choice.
A more important piece of legislation would be to require governmental security agencies to inform companies of the security flaws in their products and to require the companies to fix them. Organisations like the NSA stockpile security flaws in secret in order to exploit the flaws for their own ends.
The WannaCry malware caused worldwide economic damage and was a direct result of the NSA losing control of its EternalBlue exploit. Had the NSA reported the flaw to Microsoft the problem could have been fixed before it ever became a problem:
It's unacceptable that these organisations are permitted to act like cowboys with our common infrastructure. These are not messes I want to spend my days cleaning up.
A more important piece of legislation would be to require governmental security agencies to inform companies of the security flaws in their products and to require the companies to fix them. Organisations like the NSA stockpile security flaws in secret in order to exploit the flaws for their own ends.
The WannaCry malware caused worldwide economic damage and was a direct result of the NSA losing control of its EternalBlue exploit. Had the NSA reported the flaw to Microsoft the problem could have been fixed before it ever became a problem:
https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
https://theintercept.com/2017/05/16/the-real-roots-of-the-wo...
It's unacceptable that these organisations are permitted to act like cowboys with our common infrastructure. These are not messes I want to spend my days cleaning up.