← Back to context

Comment by kachapopopow

19 hours ago

I don't think it does outweigh the benefits, the real benefits would be punishing or/and banning vendors that do not secure their devices since using laws such as "timely updates" just promotes them to include sloppy (insecure) implementations for pushing said updates just to do bare minimum to comply with the law.

relevant law here: EU Cyber Resilience Act (CRA).

1 comment

kachapopopow

Reply
mmooss  16 hours ago

> I don't think it does outweigh the benefits

Fine, but that is the real discussion to have. Not 'it has this risk and therefore is bad'.

> banning vendors that do not secure their devices

I think the goal is to encourage positive behavior, not try to monitor everyone and evaluate their updates.

> promotes them to include sloppy (insecure) implementations for pushing said updates just to do bare minimum to comply with the law

I imagine the law is more than just one clause ?