Trustworthy Response to Product Vulnerabilities Demonstrates Leadership

I applaud Google for taking extraordinary steps to protect and service their customers by offering free replacements for the Titan Bluetooth Security Keys. Such product recalls can be expensive, time consuming, and prolong negative stories in the news cycles, yet it is the right thing to do.

Many companies would choose instead to downplay such vulnerabilities, deploy patches which are ineffective or severely impact usability, invest in counter-marketing stories to distract audiences, threaten legal action against researcher to suppress public visibility, or perhaps simply spin the news stores to minimize the brand impact. Actually managing the risks for the benefit of the customer can become a forgotten objective.

The rapid innovation and go-to-market pace of modern electronics precipitates the risks of vulnerabilities. There are practical tradeoffs between security validation and market competitiveness that drive industry best-practices. No matter how diligent the work is to harden products, it is likely that some unknown weaknesses may exist or be discovered.

The moment of truth is when vulnerabilities are discovered. Most big suppliers have product security response or assurance teams. Their policies, decisions, and actions speak volumes about the ethos and…