The recently released technical guideline for secure broadband routers is simply a disservice to customers. This guideline will not prevent widespread malfunction of routers and their security problems in the future. The consumers will not get a useful way to distinguish secure and long living devices from risky devices or the possibility to take care of the security by them self.
Vendors are still allowed to block OpenWrt from the devices they sold, even after security support for the device was already terminated, making the device useless. The Chaos Computer Club (CCC) and OpenWrt took part in multiple review and discussion rounds with the Bundesamt für Sicherheit in der Informationstechnik (BSI) and representatives of multiple device vendors and network operators. These are our two main demands: 1. Vendors have to inform customer before buying the product for all devices being sold in Germany, how long the device will get security updates in case problems are found. 2. The customer must have the possibility to install custom software on their devices, to have the possibility to fix security problems even after the official vendor support ended. Press release in German https://www.ccc.de/de/updates/2018/risikorouter -------- This was published by the CCC and we published this on our website on Monday morning. I plan to provide some more technical details about this process which started in June 2017 in the next few days. Hauke
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
