I think that there are a lot of ways to approach this. The Heartbleed disclosure was very well done and has a lot of lessons, perhaps there's something to learn from that.

Personally, I think it's completely unacceptable the way many technologies critical to keeping people alive are so vulnerable. Especially if the vulnerabilities are as widespread as the article suggests (30%!), find a list of 10-20 that vary in importance. List all the products, and list the consequences of each vulnerability.

Then start dropping 0-days one at a time until the industry realizes you are serious. Start with the less severe ones, but if the pacemaker vulnerability hasn't been addressed after a few months of weekly vulnerability releases, don't hold back. The more publicity you can get the more likely a company is to patch vulnerabilities.

If _teenagers_ are capable of finding vulnerabilities that can end lives using a script they downloaded online, then we need to be ready to take drastic action. The industry is in a terrible state and we aren't safe, and decreasingly so as these gaping holes continue to sit there and be discovered.
