I admit I write about updates a lot – but they are important, as illustrated by the chaos caused by CrowdStrike. You cannot live without them and sometimes you cannot live with them.
I often use this slide, quoting Bruce Schneier, when I write about updates – you are guaranteed to see it every month when I write about Microsoft Patch Tuesday.
So I was interested to see a post by Bruce Schneier today, reminding us of something he wrote in his book, Click Here to Kill Everything, that we do not know how to support consumer electronics that need security patches and updates to keep them working, but also have useable lifespans of 25+ years.
Providing Security Updates to Automobile Software – Schneier on Security
We keep our phones on average about 3 years and Apple, Samsung and Google commit to support those devices for at least double that time. I get updates via the internet for my car, but I am uncertain how long the manufacturer is going to, or could, support it.
I am going to change this car in about 24 months, so I am pretty sure I will; be OK, but then it will be sold onto someone else, then possibly another… Built in obsolesence in a £1000 phone looks bad, it looks worse in a £30,000 car!
Clive Catton MSc (Cyber Security) – by-line and other articles
p.s. I have a copy of Click Here to Kill Everything, it is well worth reading. It is not an overly technical book and it does illutrate how poor security creeps into all our lives, even if we did not own a computer, tablet or smartphone!