Should Manufacturers Sponsor Penetration Testing Of Competitor's Products?

In the Dear John letter discussion, U17 suggests the following:

...it would seem that publicizing the backdoors so that the integrators can demonstrate the risk would be one of the few avenues to combat the predators. One thing to talk about them, another to provide the steps a),b),c) so that integrators can plant the seeds in the mind of the end user. In essence provide a limited configuration to the customer and let them see the exposure they're facing.

But why stop there?

Why not put a few bucks to work and have some pen testers see what vulnerabilities they can find in their competitors products?

If they find something especially damaging they could have the pen testers release it on their own, to avoid any negative backlash.

Or they could sit on the bug, until just the right moment comes and then have it 'discovered', or build up a few to make a bigger splash in the news.

Pay the hackers to give as many talks as possible about the findings after to keep it alive.

This is assuming end-users actually care if their camera can be hacked or comes with a backdoor, certainly a dubious proposition in the past. But I feel awareness of the danger of unsafe devices is finally growing at the consumer level, and once you get branded as hackable, it might be hard to shake.

Might get the industry to fix their problems quicker.

Should manufactures pen test the competition? Yes/No.

Login to read this IPVM discussion.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

*******:** ***** **** ***********

** **** ********, ** ****** **** *** ******, ****** * think *** **** *** *****.

(*) * *** ** ************* *** ******** ******** ** ***** competitors. ********* * ***** **** ************* *** *** ****** *********** that **** ** *** **** **** *********** ********** ** ***** competitor's *********. ** **** ** *** **** *** **** / interest / ********* ** **** ****, * ** *** ********** about *** *******.

(*) ****** *** ************* *** ****** ********* ** *** ******** negative ***** ***********, **** ** ** ** ****. ***** *** only **** ********* (*.*.,***** ********** *******'* *****-******).

******* **** ***********, * ***** ** ** ********* **** **** should ****. ********?

(*) * *** ** ************* *** ******** ******** ** ***** competitors.

** *****. *******, ******** ***, ******* ** ***** ************, *** best **** ** ****** ******* **. ***** ****** *******, *.*. Coke **. *****.

** ** *** ***** **** **** *** ******** ****** ***** to ******* ******* *** "***'* ****" ****, ***** ***** **** competitive ***** *********, *.*. ** *** **** **** **** ********* is *** ******** ***** ***** *** ******* *** ** *** dark ***** ****.

(*) ****** *** ************* *** ****** ********* ** *** ******** negative ***** ***********, **** ** ** ** ****.

** ***** ** **** ** ** ******* **** **** * negative ******** **** ******* **** ***, *** ******** ** ***** retaliation.

****'* ***** **** ****** ****** ******,since ******* *** ******* *************** *** *** ****, *** *** *** **** ** **** **** **** ** **** ********** ********* **** ** ***? As opposed to running an anonymous negative ad against your competitor, where everybody would be assuming who it was from.

*** *** ** ****** ******** ***** *** ** ** *********, regardless ** ********.

* ***** ** *****, *** * ***'* ******* ******* ******* works ** **** *******. ** ******* ****** ********* ***** *** release ******** ******** ****** * ******* **** * ****** *******/******* is ******** ***-********** ** ***** ******** ** ***************.

** ****, * ** *** **** **** ***** **** *** Manufacturer * ** **** *** ******* ** ************ *.

***** ****** *****, * ** ***** ****************-******* ******* ***** **** ***** *** ******* *** ******** ***** forward.

*************, ******** ********* **** ******** *******, ***********'* ********** (**), ** an **** ***** ** ************--** ***** ** *** **** ** to *****. **** ***** **** **** **** **** ********* *** be ****** ** ****** ******* **** ******** *******.

****? *********? ******** ***** **** ***** ********!

** **** *** **** * ****** * ***'* ***** ** have *** ***** ** **** **.

* ***'* ******* ******* ******* ***** ** **** *******.

*** **** ******** ***** ******? ;)

*** ***** ******* ***** ******** ** ****** "*********** **********", *** would ********* ******* ********* *** ****** ***** ** **** ****** them **** **** ** *****. ** **** ** **** ******, and ***** ********* ** *** ** ** *** ****** ** act ** ***** ***** *** ******* ** *********.

*** ******'* **** ***** ** **? **** ** **** **** these **** **** ******** ******* *** ****-*** ******* ** *** sort, ****, **** ******* ******** ***** **** **** ** **** threat.

* ***** (****) ******* *** ****** ********* ** *****, *** I ***** ** ********* ** **** **** ** ***** ***'* happening ******* ** *** ****** ****** ** ********** *** ******* OS.