Given all of the issues we've seen recently with their router firmware, the router. I demonstrated the Actiontec Q1000 exploit on Track 0.
> ![Q1000 Q1000](/uploads/1/2/6/2/126252330/526249331.jpg)
![Q1000 Q1000](https://opensource.actiontec.com/images/q1000.png)
a) People shouldn't have to flash their firmware to have an adequate level of security. If we're creating software we should hold some at least responsibility to provide basic security. Engineers in other fields take safety extremely seriously, why should software only provide it to a small percentage of people with technical knowledge?
I think you are comparing fundamentally different threat levels.
Say you're designing a car. A cool, safe car in which passengers survive head-on collision with a wall at 100km/h with 100% chance. That's a nice car, but it can't save you if someone shoots you in the head with a 9mm through the windshield, unfortunately. You want that kind of protection? You go and buy special car with bulletproof glass and additional security measures.
Your router may save you against someone typing 192.168.0.1 in browser and getting full rights without password. But it won't (and probably can't) save you from someone with enough tech knowledge and determination by default.
> b) Using up-to-date operating systems with update processes and security-conscious decision-making when packaging 3rd-party software is not a huge cost to these companies.
Well they won't want to spend it. People will buy them anyway like they do now.