
A Good IoT Set of Design Guidelines, But Missing an Important Point

Go here. Read it. It won’t take long.

I especially like #4:

Give Humans the Power to Opt-Out – I understand that the features in your device are amazing, life-changing even. However, when a device or its software affects someone’s life, they deserve a say in how they use it. It’s as simple as that. Especially if the software or its updates are in a life-saving healthcare device. The doctor and the patient must not only understand the features but need to come to an agreement on how and when they will be used. So yes, while sending an automatic order to the grocery store when you are out of milk seems innocuous, your customers should still get a say in how and when that order happens.

It’s refreshing to see Core Security take IoT vendors to task on security, but as a WLAN Architect/Admin/Instructor/Supporter/Philosopher/Fanboy, I do find a deficiency with the otherwise good blog.

EVERY kind of device finds its way to the business WLAN. And the business WLAN landscape should be moving away from pre-shared-key-based WLAN security and MAC exceptions on Guest WLANs. If you aren’t building in 802.1X support with the top few EAP types, you are still not getting it.

And too many device makers still are not getting it.