So it follows that to protect users a vendor needs to make security updates as easy and painless as possible, across the entire application stack.