The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI where she investigated cybercrime, a seasoned corporate executive that built and operated information security teams and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise, Boards of Directors, CIO's, CISO's and General Counsel's on how to legally protect their company from cyber related risk.

Blog Entries


 

Does not patching amount to strict product liability?

See Article Here

As I think about the difficulties of keeping secure the "Internet of Things" I wonder if we can use the same type of process for IoT as we do for many application updates. Obtain consent from the buyer upon the sale of their IoT refrigerator, washer/dryer, etc. that the company will push software updates to the device. I don't know if this is already done, my washer and dryer has the capacity to be added to my network, but why? I know the manufacturers of these devices do not want to hire a team to keep their IoT device secure but it would seem to me, if you are going to sell such a device, you should take the added step to make sure it stays safe and secure. 

The question I have is if a "researcher" finds a vulnerability and lets the manufacturer know, will they fix the issue? If they don't and something happens like the device causes harm to an individual would strict liability under product law apply? Did that manufacturer sale a defective product? So many questions......