Even basic tenets like "validate every piece of input for correctness and ensure all injection is mitigated" are too hard for too many programmers.

Security is hard, let's make yet another IoT device.

@Elizafox when I worked for a university I was told that I shouldn't worry about validating database input correctly because the head IT guy didn't think it was possible to use parameterized inputs.

It took me about an hour to make it work with their system.

@Elizafox As an IoT programmer, I can assure you I would love to take the time and effort to design secure devices and test them properly.
Unfortunately, none of my customers ever wants to pay or wait for that kind of quality. Most IoT products have a short lifespan and companies don't care if a security exploit (or any other kind of bug) is found a year down the line; they'll have already moved on to a new product, with the same flaws.

@Elizafox Security isn't sexy, and the normals don't have the attention span to punish data breaches in any financially meaningful way.