Hue forces updates on you every time you go into the app if there's one available, and you can't use the app until you've updated. Granted, this isn't ideal if you primarily use your light switch or an Amazon Echo to control the lights, and fully automatic updates would probably be better, but it comes pretty close to aggressively pushing updates.
It's pretty aggressive alright. I'm working on my own (RPi-based) controller but for now, I'm still primarily using the Hue app for controlling the lights at my home. So every two weeks or so, when I come home in the evening, I'm forced to sit in darkness for 10 minutes as the update installs itself (they say lights must stay powered, so I don't dare power-cycle them during the update).
I am very happy that my preferred third-party app (Huetro, which runs on just about every device the UWP supports) checks for updates for me (and is kind enough not to nag about it but make it clear when one is available) because I never open the official app anymore (but, as this article points out, do need to keep things updated).
>We should hold manufacturers accountable for not aggressively pushing security updates on their users.
There's really no way to /force/ companies to support products they release like that. The company may not even exist a few years down the road. You could force them to release the firmware source so the users/community can patch it themselves but I don't see a way to do what you're saying.
I wonder how many years until there are fewer than 15000 vulnerable Hue devices in Paris...
We should hold manufacturers accountable for not aggressively pushing security updates on their users.