As part of the agreement, the company will take specific steps to make sure that its Internet-connected cameras and routers are secure. It will implement the following:
- security planning
- threat modeling,
- sting for vulnerabilities before releasing products
- ongoing monitoring to address security flaws
- automatic firmware updates
- accepting vulnerability reports from security researchers
Additionally, D-Link agreed obtain biennial, independent, third-party assessments of its software security program for ten years.
Furthermore, under the settlement agreement, FTC has the authority to approve the third-party assessor selected by D-Link.
On the company has the option to have the assessor certify its compliance with the secure product development standard set by the International Electrotechnical Commission, an international standard setting organization.
