Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Consumer Reports Proposes Open Source Security Standard

posted by Fnord666 on Sunday March 12 2017, @03:04PM   Printer-friendly
from the Russians-hacked-my-toaster.-Again. dept.

-- OriginalOwner_ writes:

TechDirt reports

Thanks to a laundry list of lazy companies, everything from your Barbie doll to your tea kettle is now hackable. Worse, these devices are now being quickly incorporated into some of the largest botnets ever built, resulting in some of the most devastating DDoS attacks the internet has ever seen. In short: thanks to "internet of things" companies that prioritized profits over consumer privacy and the safety of the internet, we're now facing a security and privacy dumpster fire that many experts believe will, sooner or later, result in mass human fatalities.

Hoping to, you know, help prevent that, the folks at Consumer Reports this week unveiled a new open source digital consumer-protection standard that safeguards consumers' security and privacy in the internet-of-broken things era. According to the non-profit's explanation of the new standard, it's working with privacy software firm Disconnect, non-profit privacy research firm Ranking Digital Rights (RDR), and nonprofit software security-testing organization Cyber Independent Testing Lab (CITL) on the new effort, which it acknowledges is early and requires public and expert assistance.

As it stands, most of the proposals are common sense and take aim at most of the common issues in the IoT space. For example, encouraging companies to spend a few minutes engaged in "penetration testing" of their products before shipping (a novel idea!). The standard also hopes to ensure companies notify consumers of what's being collected and who it's being shared with, and that devices aren't using default login credentials. But Consumer Reports also notes that it hopes to develop these standards with an eye on more broadly incorporating them into product reviews.

"The standard should be easy enough for consumers without a technical background to understand, yet sophisticated enough to guide testing organizations such as Consumer Reports as we develop precise testing protocols. We want to rate products on measures such as security, in much the same the way we currently assess products for physical safety and performance."

Original Submission

 
This discussion has been archived. No new comments can be posted.
Consumer Reports Proposes Open Source Security Standard | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Informative) by Anonymous Coward on Sunday March 12 2017, @06:15PM (1 child)

    by Anonymous Coward on Sunday March 12 2017, @06:15PM (#478126)

    That term is IoT.

    The title, as submitted, was
    Consumer Reports Proposes Open Source Security Standard To Keep The Internet Of Things From Sucking

    Stripping away significant stuff is a bad "editing" technique.

    -- OriginalOwner_ [soylentnews.org]

    Starting Score:    0  points
    Moderation   +2  
       Informative=1, Touché=1, Total=2
    Extra 'Informative' Modifier   0  
    Total Score:   2  

  • (Score: 1) by Scruffy Beard 2 on Monday March 13 2017, @04:39PM

    by Scruffy Beard 2 (6030) on Monday March 13 2017, @04:39PM (#478488)

    When forwarding the story to a friend I added IoT back in to the title (without even checking the original submission)