
California's bad IoT law - raleighm
https://blog.erratasec.com/2018/09/californias-bad-iot-law.html
======
jiveturkey
Typically I hate this kind of blog. More often than not, they get it wrong and
tend to oversimplify. This post on the whole is good though.

However:

This guy is a security guy? Why is he dealing in absolutes? The law is a step
forward. It's perfectly reasonable to get _something_ on the books, even if
it's far from perfect.

It's a rough (very rough) draft of GDPR-like principles applied to security.
Being "reasonable and appropriate" is a perfectly reasonable requirement. You
will demonstrate it by having evidence of a security-focused (as opposed to
product-focused) assessment _before_ you launched your shitty IoT product.
That "reasonable and appropriate" is vague is a good thing, not a bad thing.
It floats with the current set of threat vectors.

------
natvert
Could whoever is attending the next tech Illuminati summit plz tell me where,
outside of Californa of course, everyone is going to move to start their next
company?

~~~
phendrenad2
I think the point of these laws is so that companies with a surplus of cash
can just dump money into compliance and thus maintain the barrier to entry.

~~~
sieabahlpark
I honestly think that's why companies stay in California because it's just so
hard to actually enter the market.

