I think tech as an industry has come quite a long way in the past few years of clarifying (and hopefully adopting) what security best practices are. This, OWASP, and other similar initiatives are good: you can have a rough checklist of what's required to have a roughly "secure" app, and what the common loopholes are. This is not easy stuff.
I don't know what this means for the institutional/enterprise side, whether certification will be meaningless, etc. But the document itself seems relatively sensible to me!
Their certification requirements do seem solid, but the concerning thing about ioXt is that, if you look at the list of certified devices / apps, there's a grand total of 3 pages containing fewer than 50 entries. Given the large list of members, it seems odd to have so few issued certifications.
https://static1.squarespace.com/static/5c6dbac1f8135a29c7fbb...