Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Tuesday October 02 2018, @01:30AM   Printer-friendly
from the first-step dept.

California governor signs country's first IoT security law

California Gov. Jerry Brown has signed into law a broad cybersecurity bill governing Internet of Things devices, making the state the first in the nation to adopt such legislation.

Brown signed the bill, SB 327, on Friday. The law mandates that any maker of an Internet-connected, or "smart," device ensure the gadget has "reasonable" security features that "protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure."

In June, California passed a data-privacy law that some have called the country's toughest. It includes stopping the collection and sale of personal data upon request from consumers. The new IoT rule, however, has garnered mixed reviews.

Submitted via IRC for Bytram


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by qzm on Tuesday October 02 2018, @04:04AM (1 child)

    by qzm (3260) on Tuesday October 02 2018, @04:04AM (#742635)

    So.. Tell me how that works when the CPU you use end up having a fault, or the commonly used library you are using had a fault, or your compiler, etc, etc.

    When exactly will they also apply the same law to computers? Phones? No, I thought not....

    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Interesting=1, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 0) by Anonymous Coward on Thursday October 04 2018, @01:09PM

    by Anonymous Coward on Thursday October 04 2018, @01:09PM (#744050)

    Usually, if you are doing "industry standard practices" you will be ok. Using OpenSSL, and heartbleed hits, you should be fine legally, as long as you patch in a reasonable time.

    Rolling your own crypto package and you store the everything as plain text that can be accessed without authorization? Maybe not so ok.