>Do they mark updates as fixing security bugs? (If not, they care more about hiding security issues than fixing them)
Sometimes device updates are marked with "fix" to protect users. Even if iot devices automatically patch themselves, an entire managed fleet does not get patched instantaneously. In my expirence there can be a significant long tail to 99.99% (you never actually get 100% updated). There will always be some percentage that are offline and thus vulnerable to a bug. Not drawing attention to something significant is not alwaysa choice of a fully self-serving nature.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Generally agreeing except for one point
Date: 2016-10-29 01:37 am (UTC)Sometimes device updates are marked with "fix" to protect users. Even if iot devices automatically patch themselves, an entire managed fleet does not get patched instantaneously. In my expirence there can be a significant long tail to 99.99% (you never actually get 100% updated). There will always be some percentage that are offline and thus vulnerable to a bug. Not drawing attention to something significant is not alwaysa choice of a fully self-serving nature.