Re: How about we be given the option of audits…?
A real audit or a pen-test by a proper crew is expensive. You are looking at sums north of 200K for a pop. 99% of PHBs will balk at that number and do it only if it is a regulatory requirement.
So unfortunately, if these devices are to be audited or pen-tested there are only two options.
1. Short the stock and have the hacker make the money there. Make this is the norm and do not complain when it is being done to you.
2. Make the auditing/pen-testing a regulatory requirement and create a market where you can hire crews to do so.
A beneficial side effect of both is that some of the grews operating in the grey (or even black) area today may move to more white hat jobs so either case is win-win (provided that you do not have congressmorons adding them to embargo lists without a shred of evidence to support it).
Biting the hand that feeds IT
