Such things have already been demonstrated at conferences, and have occurred in the real world. One, from January 2012, involved a hacker breaking into live feeds from 700 of TRENDnet's security cameras and making them available on the Internet. The company reached a settlement with the FTC that barred it from misrepresenting that its software is secure, but there were no reported financial penalties.
And a major barrier to addressing these problems, they said, is that users "may not know, or care about installing updates. They just want to use the device."
So the goal of BuildItSecure.ly, they said, is to focus on the small vendors who don't have the budget or understanding of the need for security, build partnerships with them and educate them on best practices.
Their hope is to have the initiative, launched in February on a platform provided free by Bugcrowd, ready to launch in the next two months.
"We want to give vendors and researchers a say in how this works," Stanislav said, "and then we want to start finding bugs, rewarding researchers and solving problems."