Ooof...I wondered when this day would come although it does not yet effect my trade that I know of. I work in building automation, we are dealers for Siemens, Honeywell, American Automatrix and Johnson. It used to be that the specific controllers where proprietary and were commanded and programmed with the manuacturers software, open protocols such as LonWorks and BACNET have changed that. The front end we use for these systems runs on a windows platform and is based in JAVA. The program, designed and licensed by Tridium (now owned by Honeywell), is basically the same for all of the lines listed with only basic cosmetic and privilege changes and, in most instances, is web accessible. So in effect if someone were to design a bug that could infiltrate Tridiums software they could gain access to many systems and, while an intimate knowledge of many systems was once required, knowledge of only one is now required (more bang for your hacker buck!). Not so much a big deal for comfort cooling, and a little worse for server rooms and critical cooling, but when you consider that the same system can also have building access and security integrated into it the scenario becomes worse. I don't doubt that if there is a bug designed manufacturers will begin reversing the move to open protocol and touting their proprietary products as safe.
JR