- I suspect a lot of functions could be described by a common, free-to-use API. The GPL worked well for Linux and maybe it could be the model here too.
- Open it up so the end user can also tinker with the device. Look at what has happened and is still happening to Linux over 25 years.
- With a common API you can present to the users a consistent front end for setting values and reviewing settings across a number of products in your IoT product offerings. When there is a new product it would simplify the development work on building a front end, as code for common functions is already there.
- Too often there is a security hole and there is no way for the end user or the manufacturer to fix it. Many times the users don't know there is a hole until news about the issue hits mainstream media, or hobbyist friends send them a note.
- What would it cost to allow the user to get patches and updates?
- For certificates there MUST be a way to update the certificates when they are compromised. Right now we either live with compromised devices or trash the devices.
- Default settings: allow the user to modify what goes out over the network.
- Makers claim their devices are secure, but without being able to inspect how they implemented their security, we don't know for sure.
Life of device.
- Define what the process is, what will be patched and for how long, and when it will not be supported. Dropping support and killing the servers, which results in the device being a paperweight, isn't acceptable.
- Be up-front on what is captured, why, and the frequency at which it is sent. Allow the end user to select the level of information sent out, and explain why it is needed and what functionality is lost by opting out.
- When the device gets hacked (not if), be up-front to the community on what happened, what was taken, and the steps being taken to close the problem and fix it so that it won't happen in the future.