myoon at mikeyoon.com
Wed Feb 8 15:26:49 UTC 2017
Very clear illustration, thanks for sharing.
It would seem solution would involve non market regulation (EPA for
pollution), or aligning with market forces such as aligning impact to buyer
of security with risk of public access to compromised information (like
videos from IP cameras).
On Feb 8, 2017 9:36 AM, "Ed Lopez" <ed.lopez at corsa.com> wrote:
In a recent article (
Schneier sums up the IoT security mitigation issue quite nicely in this
"The market can't fix this because neither the buyer nor the seller cares.
The owners of the webcams and DVRs used in the denial-of-service attacks
don't care. Their devices were cheap to buy, they still work, and they
don't know any of the victims of the attacks. The sellers of those devices
don't care: They're now selling newer and better models, and the original
buyers only cared about price and features. There is no market solution,
because the insecurity is what economists call an externality: It's an
effect of the purchasing decision that affects other people. Think of it
kind of like invisible pollution."
- Ed Lopez
Ed Lopez | Security Architect | Corsa Technology
Email: ed.lopez at corsa.com
sent from my iPad ... I apologize for any auto-correct errors
More information about the NANOG