As government agencies are beginning to pursue enforcement actions for substandard security practices, a debate is emerging around how we legally define "reasonable" security for purposes of consumer protection. Particularly as the Internet of Things begins to permeate all aspects of consumers' lives, a future with software liability looms large. It is becoming increasingly important to craft a common legal understanding around what types of practices are "reasonable" security measures. Let's debate what that legal definition should be.