Well, not really. What you're describing is the floor for any product I'll consider (depending on what "fundamental flaws" means), but that's not security.
Security is process.
- Do the engineers writing the code have sufficient time to do a good job (assuming they are competent in the first place? Which gets to the hiring process), or does marketing win that battle?
- What is the security audit process? Who has the keys to the servers, who changes the keys when one of those people leaves/dies?
- What processes exist to deliver security fixes to the lightbulb/baby monitor/robo-proctologist? How are consumers notified of the need, and how does the update payload delivery work?
- etc. etc. etc.
I mean, I do have a checklist of features for networked devices for my house. Those include things like user-serviceable certificates, root on things I own, etc. But unfortunately, when searching for a product, the important parts of the security picture are invisible, and reputation and visible implementation are really all there is to go on.
Which is why my lightbulbs don't get wifi.