Vint Cerf, Dave Farber and Dave Täht present to the FCC a plan for more secure, reliable WiFi Routers and Internet. Cerf urges “a bare minimum of openness in the technology at the edge of the Internet. He believes this would “ensure that any mistakes or cheating are caught early and fixed fast.”
260 engineers joined the call including prominent ones like Linus Torvalds, Bruce Schneier, David Reed and Paul Vixie. The vendor would be required to post their software on a public repository such as Github. They would be required to fix any security holes and provide updates as security problems are discovered. In particular, the FCC rules should:
- Provide public, full, and maintained source code for review and improvement
- Assure that secure firmware updates are available and under owner control
- Address known security vulnerabilities in source and binary within specific time frames
- Be made aware that noncompliance could result in decertification.
Many, probably most, WiFi routers and smartphones are not updated to fix all known security holes, I believe. Without access to the source code/firmware, users cannot do anything about vulnerabilities in their own equipment. Without access, many Internet advances will be difficult or impossible to implement.