In general updates are the central backbone of security for Software products. Home Assistants two weeks update cycle makes it apparent, as it almost forces you to think about an effective update policy.
However, IOT devices are not free of (buggy) Software. Yet we almost never update them. In particular if your Smart Home relies solely on HA, it might even not be possible to update your IOT device. E.g. the Z-Wave implementation doesn’t have any way of flashing a firmware file on your device.
The far bigger issue is IMO not Home Assistant, but the device vendors. They do not provide us with the firmware files we need and this situation becomes increasingly frustrating for me. I will therefore start contacting all the IOT device manufactures of witch I own products and ask them for firmware files and how they consider to distribute them. I will post there response here and I would like to encourage other people to do similar with there devices.
List of vendors I contact: (plz contact them as well. The more people ask the more likely we see improvements)
If you write to someone let us know about there response. My goal would be a list of good and bad vendors, so people can decide what product to by and possibly pay 5€/$ more or less because they can make an informed decision.
Its a shame that this is necessary, but the situation is like, everybody runs windows 95, but with internet connection these days.