But it's also unacceptable to make an Internet connected device with a static proprietary OS on it.
We have a dozen known vulnerabilities in common software packages every year, and these devices are using IP for communicating often confidential information. It can be disastrous for your toaster to be hijacked, especially if it can be remoted on and burn your house down.
This whole IoT disaster should have been predicated on free software, with some protocol support for authorized local network updates and maintenance. You know damn well that if Samsung cannot be bothered to update the OS on a four year old phone anymore, your Samsung Fridge or TV or futon is a lost cause.
I agree completely. But how likely is that to happen? Let's face it, companies that make 'smart' devices will likely want to monetize on customers whose software is outdated (in functionality, not security) and who want to upgrade because of that. I don't think they'd have a motive to do anything other than proprietary, non-maintainable software.
The only solution I could think of from a security standpoint would be to limit functionality on the device itself to such a level that there is not much need for updating, i.e., ideally the fridge becomes a dumb device that essentially offers a vnc-style connection to a central FridgeCo data center, so that the fridge itself would never deal with your passwords etc. other than sending them somewhere in an encrypted connection. This basic layer of functionality (and even that would be a lot to keep secure) would be more reasonable to maintain and keep secure than having separate apps for Google Cal etc.
Of course, this would cause many more problems, be a single point of failure etc., but I think that's the way it's most likely going to go.
Ubuntu are aiming directly at this problem by providing the base OS and making it possible for vendors to then layer on the functionality they need: http://www.ubuntu.com/internet-of-things
How much vendors are willing to use something like this remains to be seen. Personally I resist buying things that I think will have a poor security update record. I'd like to see more pressure on vendors to do the right thing here, especially because there is at least one reasonable solution available.
Disclosure: I work for Canonical, but am not associated with the IoT work in Ubuntu.
I don't think sanity will prevail over profit here. Making shitty unmaintainable flashy software that sells units and hijacks your house through exploits a year later optimally keeps customers buying new fridges, when the only thing wrong with them is awful outdated proprietary code running on them. It's the same reason I feel Ubuntu TV was a flop - as long as consumers make emotional, advertising driven, uninformed, instantaneous purchase decisions, the optimal route to profit is flashy over-the-top showoff crap on the store shelf that then breaks as soon as possible so they have to buy another. As long as people do not care about the software running on their "smart" TV, or fridge, or thermostat, they will continue to be given what they ask for - nothing but crap.
> It's the same reason I feel Ubuntu TV was a flop...
I believe Canonical have a grand plan but have just focused on phones first. Since to my knowledge the Ubuntu TV hasn't happened yet, how can it be a flop?
It was announced in 2012, and it has had no development since 2011, and hasn't shipped anywhere either. It wouldn't have been a flop if there wasn't a lot of hype in the tech ecosystem about it as a result of the announcement, but if you announce something you stopped working on a year before and going on four years later haven't come back to, while proprietary smart TVs have basically taken over store shelves in the intervening years, it's a flop.