Based on these findings, the Report identifies five areas for improvement by industry participants across the mobile security ecosystem, which comprise only the beginning of a serious conversation that industry needs to have as IoT and connected devices continue to progress –
(1) Educate users about the importance of security updates and the critical role that users play in ensuring security;
(2) Continue the effort to build security directly into product design and updating processes, including creating written patching protocols to reduce the ad-hoc nature of current decision-making;
(3) Collect and share information on update support to develop a historic and comprehensive view of trends and issues;
(4) Streamline the security-update process, including bundling or unbundling, as appropriate, security updates from functional updates, testing and deployment; and
(5) Specifically for mobile-device manufacturers, provide users with more and better information about update support, including clearly communicating guaranteed support periods, expected update frequencies, and end-of-support schedules.