The Online Trust Alliance has extended its public comment period on the IoT Trust Framework draft until 21 September. The framework has the following goals:

• Provide guidance to manufacturers and developers to help reduce attack surface and vulnerabilities, and adopt responsible privacy and data stewardship practices.
• Drive the adoption of security, privacy & sustainability best practices; embracing “privacy and security by design”, as a model for the development of a voluntary, yet enforceable code of conduct.
• Provide positive affirmation and recognition to companies, products, and retailers who embrace the code of conduct and meet minimum standards.
• Provide retailers / commerce sites criteria to aid in their product merchandising and promotion decisions.
• Where possible, apply existing standards from NIST, NTIA, ISO and other industry working groups.
• Encourage collaboration, sharing of best practices and threat intelligence.
• Evaluate and identify gating issues and considerations which may lead to the development of a seal or certification program.

I submitted the following comments.