Australia's Security Standards for Smart Devices rules will be enforced in a few weeks (from 4 March 2026). Good start, but...
First, this doesn't apply to computers and phones, but to home routers, smart home cameras and other connected devices. It mandates:
- No universal default passwords
- Vulnerability reporting mechanisms
- Transparent security update periods
But:
- There is no requirement on a minimum duration for security updates — 1 year is fine, so long as you say it.
- "Published" is one thing, but when was the last time you updated your home router?
- How well will this be enforced?
It's progress, but it still puts the onus on us, the public, to do the right thing. I wish this had gone further with at least:
- Minimum duration for security updates
- Mandatory automatic security updates (for critical vulnerabilities at least)