I bet most people find digital security too abstract to understand why it’s important, and not bother with updates that didn’t include shiny new features.
Also, Generic Phones Inc. don’t see any money in pushing out pure security features — only big players get that benefit, because it’s a type of quality thats a tragedy of the commons thing.
I’d change the laws by international treaty to require security patches for all devices for whatever the 2σ lifetime is. If the manufacturers don’t want to do it themselves, then an open source requirements and a sales tax to fund hiring developers to fix it.
I'm arguing the opposite: I think people would update if updates didn't break their shit. I have no statistics on this, and would gladly welcome some, but IME people heavily complain that "the last update broke my $x, so I don't want to update again".
If we had 2 different channels of updates: security and feature, then this wouldn't be an issue.
I completely agree with you about the laws and open-sourcing.
Also, Generic Phones Inc. don’t see any money in pushing out pure security features — only big players get that benefit, because it’s a type of quality thats a tragedy of the commons thing.
I’d change the laws by international treaty to require security patches for all devices for whatever the 2σ lifetime is. If the manufacturers don’t want to do it themselves, then an open source requirements and a sales tax to fund hiring developers to fix it.