Pushing out security patches "takes months," commented Lookout's Hering, because in the mobile world, "so many people are involved" reviewing and approving it. "The question is, can we get that from seven months to seven weeks to seven days?"

"Patching is a big problem," acknowledged Amoroso. "You shouldn't have to do it in the first place." But in the "over the air stuff," he pointed out, "the carrier will zap you. We call it the nuke option." He acknowledged this is not an optimum situation, "Sooner or later as a group, we'll have to come to an agreement as to what we'll do" in terms of "a community for patching."

"It's a political problem," said iSec's Stamos about the situation where mobile-device makers must gave approval by the carriers to approve these types of updates. He said a lot of this situation is engendered by "the desire by the carriers to control profit streams."

In contrast, , in its patching routine, "doesn't have to go to every laptop OEM to get permission from each." Stamos added that Google has set up separate "tiers" for certain devices and customers to be patches. Overall, Stamos advocated that the mobile-device industry make a break with the current situation regarding carrier control, and especially for enterprise users, "please give these people the ability to patch their phones." The and devices are hard to manage in part because of this.

Apps were another topic of discussion. Amoroso said AT&T's policy on Android is that "we restrict apps to the Android market. I thought this community would love that," because it was intended to make malware more difficult to exploit. But, he adds, "the reaction is more like they want mobile to look more like the Internet."