At this point, I think that any good undergrad computer engineering education should include a class on practical security patterns, and design for security. Or, at the very least, training on when you need to proactively call on a developer with better chops.

It would save the world so, so much grief and cheap insecure consumer devices. I will flip my lid if I see another kiddy-cam on Shodan.

Security has a certain cost associated with implementing it. That makes the product more expensive without any additional market value. There must be certain external incentives to motivate spending extra effort.

> Security has a certain cost associated with implementing it

The article makes a strong case that, at least for minimum viable/ordinary security measures, the cost is $0.

The projector in question wasn't missing features that would have consumed any amount of the issuing company's margin to implement; it was missing features that would have consumed at most a couple of meetings and a junior dev spending 30min watching the first three YouTube results for "consumer device security issues", and then another 30min copy/pasting standard mitigations into place.

If they'd done the basic due diligence of putting a lock on the metaphorical door, they wouldn't have even had to spend the QA cycles making sure the lock was secure (though that would be nice). But instead they opted to ship sans security entirely.

> the cost is $0

> at most a couple of meetings and a junior dev spending 30min watching the first three YouTube results for "consumer device security issues", and then another 30min copy/pasting standard mitigations into place.

That's not $0 in my math. That's a total effort easily worth a few thousand, if not more, from all aligning parties.