Schneier on Security January 9, 2014Posted by sandyclaus in Computer Security.
The problem with this process is that no one entity has any incentive, expertise, or even ability to patch the software once it\’s shipped. The chip manufacturer is busy shipping the next version of the chip, and the ODM is busy upgrading its product to work with this next chip. Maintaining the older chips and products just isn\’t a priority.
And the software is old, even when the device is new. For example, one survey of common home routers found that the software components were four to five years older than the device. The minimum age of the Linux operating system was four years. The minimum age of the Samba file system software: six years. They may have had all the security patches applied, but most likely not. No one has that job.
via Schneier on Security.