For IoT especially, is the cost of secure development (or a framework/toolset) too high for vendors to bother with making their products more secure from the get-go? This is where majority of improvements have to begin.

Things could get bad especially on the ultra-low end of connected home/IoT products…