I cannot take this idea that "innovation" will be stifled because people were told to actually give a shit about what they were doing. Honestly, if it means that fly by nite groups aren't releasing their "innovations" out there, I'd consider it a pretty good trade.

Obviously the products out there that aren't giving a fuck are still selling. There isn't a market without buyers.

That's why we need the regulation in order to make them give a fuck.

What I'm ultimately arguing here is that: even after the regulators step in and make make them give a fuck, I mean really give a fuck, and they are forced to fix the low hanging fruits, these botnets or other similar machinations, will still exist. In fact, if we assume the regulations work and actually make things harder to exploit, we can add in the knowledge that the price for using and creating IoT botnets will go up - possibly making botnet creation a more lucrative career than IoT defense. I'm saying we have a technical conundrum that regulation can't regulate away.

I completely and totally disagree. You're basically saying that, because it will become harder in the future, we shouldn't even try.

Well I think we can agree to disagree on regulation as the method of fixing the issue. Of course we should do something. I'll admit I'm not sure what though and have no better proposal. I just believe regulation is too blunt an instrument.

I don't see how anything but regulation would do it. The companies clearly don't give a shit, and they won't, as they can't really be held accountable.