On Wed, 11 Oct 2023, David Bray, PhD via Nnagain wrote:

> There's also the concern about how do startups roll-out such a label for
> their tech in the early iteration phase? How do they afford to do the extra
> work for the label vs. a big company (does this become a regulatory moat?)
>
> And let's say we have these labels. Will only consumers with the money to
> purchase the more expensive equipment that has more privacy and security
> features buy that one - leaving those who cannot afford privacy and
> security bad alternatives?

As far as security goes, I would argue that the easy answer is to ship a current version of openwrt instead of a forked, ancient version, and get their changes submitted upstream (or at least maintained against upstream).

It's a different paradigm than they are used to, and right now the suppliers tend to also work with ancient versions of openwrt, but in all the companies that I have worked at, it's proven to be less ongoing work (and far less risk) to keep up with current versions than it is to stick with old versions and then do periodic 'big jump' upgrades.

It's like car maintenance: it seems easier to ignore your tires, brakes, and oil changes, but the minimal cost of maintaining those systems pays off in a big way over time.

David Lang