California governor signs country's first IoT security law
California Gov. Jerry Brown has signed into law a broad cybersecurity bill governing Internet of Things devices, making the state the first in the nation to adopt such legislation.
Brown signed the bill, SB 327, on Friday. The law mandates that any maker of an Internet-connected, or "smart," device ensure the gadget has "reasonable" security features that "protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure."
In June, California passed a data-privacy law that some have called the country's toughest. It includes stopping the collection and sale of personal data upon request from consumers. The new IoT rule, however, has garnered mixed reviews.
Submitted via IRC for Bytram
(Score: 4, Insightful) by qzm on Tuesday October 02 2018, @04:04AM (1 child)
So.. Tell me how that works when the CPU you use end up having a fault, or the commonly used library you are using had a fault, or your compiler, etc, etc.
When exactly will they also apply the same law to computers? Phones? No, I thought not....
(Score: 0) by Anonymous Coward on Thursday October 04 2018, @01:09PM
Usually, if you are doing "industry standard practices" you will be ok. Using OpenSSL, and heartbleed hits, you should be fine legally, as long as you patch in a reasonable time.
Rolling your own crypto package and you store the everything as plain text that can be accessed without authorization? Maybe not so ok.