Security for all

There should be no barriers to timely fixes in security -- including updates, patches, and workarounds -- particularly considering implications for users of various socio-economic status and citizenship. Security updates should be distinguishable from feature updates.

What we would like to see

Security researchers will be able to and encouraged to test the products and services to break security and privacy. Open and transparent security research identifies defences necessary for cyber-physical security and safety and challenges information asymmetry.  

Cyber security will be considered a common good, which benefits everyone. Policies and initiatives must not advantage only some people over others. This means that a national government policy should not disadvantage people outside that country, or certain sectors of society.

What this will mean

Industry will have to commit to patches and updates for their systems, and create an environment where bugs are sought and reported, and fixed for users globally. 

Listening and always on devices that are under the control of the service provider will be patched so long as it is processing for that provider. 

Essential reform actions

Cybersecurity policies must ensure that they protect all people across economic and geographic boundaries and promote end-to-end encryption.