security-course

Security, Privacy, and Consumer Protection

View the Project on GitHub noise-lab/security-course

Internet of Things (IoT) Security

Resolution

IoT vendors should be held liable for damages resulting from unpatched security vulnerabilities in their devices.

The debate will be “Oxford Style” and follow this format.

Resources

Here are some resources and questions to help guide and nuance the debate:

Questions

  1. What counts as a “reasonable” patch timeline for IoT devices, particularly low-cost consumer devices?
  2. Should liability depend on whether the vendor continued to sell or support the vulnerable product?
  3. What obligations should apply to end-of-life devices that are no longer maintained?
  4. How do hardware constraints or lack of update mechanisms factor into liability?
  5. Does imposing liability stifle innovation or create better incentives for secure design?
  6. What is the role of third-party software or libraries in IoT security failures?

Readings