Every day, thousands of new devices are given internet connectivity - called the Internet of Things (IoT). Figure 1 displays IoT devices attacked worldwide in 2015. Most of the internet connected devices are inherently insecure and hackers realize this as an easy opportunity. Even though home routers were the most targeted devices, others weren’t spared.
IoT device manufacturers are starting to realize they need to implement security software to defend their devices. There are 4 ways they can approach the development of this security.
1) Do it yourself
Like the name suggests, your code is created by your programmers or contractors. Security is probably not their area of expertise and their efforts are likely not going to lead to increased customer demand. Most companies prefer to use their developers on key differentiating code.
2) Closed Source Code (Non-standard API)
APIs are developed by its supplier and are not open standards. The underlying implementation is not visible to the end user. A significant advantage of this type of software is that those providing this software, if successful, are generally well-funded and can provide good, long-term support and high product quality.
3) Closed Source Code (Standardized API)
The APIs are developed by recognized technical consortiums or governmental groups and are considered to be open standards. If you have a good partner, they can give you economies of scale, do extensive testing, attend standards meetings and maintain the needed detailed expertise to maintain the code over its entire lifecycle.
4) Open Source Code
Open source software is provided as source code which end users can see and compile. Some licenses are “toxic” in that you must also turn over as open source any code that you use or create to link to the open source code provided. Most open source is provided with the caveat “No guarantees are made with this code. Use at your own risk. If you have problems, you are on your own.”
So how do you know which model is the best fit for you? To learn more the article “Setting and Achieving Security Design Goals”.