Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Network Networking United States

D-Link To Undergo Security Audits For 10 Years as Part of FTC Settlement (zdnet.com) 21

D-Link has agreed to a settlement with the US Federal Trade Commission in regards to a 2017 lawsuit in which the US government agency accused the Taiwanese hardware maker of misrepresenting the security of its devices and ignoring vulnerability reports. From a report: As part of the settlement, D-Link has promised to implement a new software security program for its routers and Internet-connected cameras. The company has also agreed to subject itself to ten years of biennial security audits from a third-party, independent auditor. The FTC gets to choose the auditor, while D-Link got to decide the certifications the auditor must obtain before allowing it to review its security program.
This discussion has been archived. No new comments can be posted.

D-Link To Undergo Security Audits For 10 Years as Part of FTC Settlement

Comments Filter:
  • by Anonymous Coward

    Thanks. I'll stay with my custom solution. Yes, it will be more secure than theirs. If only because it is not made by somebody untrustworthy, it is profit-free, and because it is not hard to be better at it than D-Link. ;)

  • by The Cynical Critic ( 1294574 ) on Wednesday July 03, 2019 @03:05PM (#58868874)
    Considering the rather embarrassingly bad level of security in D-Link products overall I suppose it can't really get any worse. However I don't trust the third party to actually be that independent or perform thorough audits.

    However if they get rid of the admin accounts with standardized passwords that you can't remove or change the password on then at least that's something. It's obviously not good enough for me or anyone else familiar with their lack of security to consider their products, but at least that should slightly reduce the size of the botnets created from their devices bought by people who don't know any better.
  • by account_deleted ( 4530225 ) on Wednesday July 03, 2019 @03:46PM (#58869036)
    Comment removed based on user account deletion
  • by account_deleted ( 4530225 ) on Wednesday July 03, 2019 @05:07PM (#58869488)
    Comment removed based on user account deletion
    • It's not a bad idea to have a different group looking over your work. In the software world we call it the QA team. They basically perform everything the average attacker would do on your software while you adhere to security guidelines yourself and do your best not to be embarassed before the QA team gets to review your work.

      But "ten years of biennial security audits from a third-party, independent auditor" (as the article described it) is not software freedom [gnu.org] for the users. These alleged audits are indis

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...