I guess not commenting for Scorbit but more for manufacturers, I could see value in manufacturers of machines doing more frequent security-based code updates for their OS, but that (as flynnibus suggests) is their responsibility to maintain.
Quoted from flynnibus:There probably was code sharing done to make it easier for jjp to get started... but your concerns really have nothing to do with scorebit.
One way to think about it is that a Scorbitron has certain functions, such as authentication and identity, registration with Scorbit, game information and heartbeating/status indicators, and receiving information (like player name) from the Scorbit platform.
When a manufacturer is doing this on their own hardware, they have to behave like a Scorbitron. In order to do that, we had to share with them the API specification which allows that to happen (and yes, that specification for manufacturers is available for others as well).
The Scorbitron needs updates from time to time and that is 100% on us! Also, if we change the API specification, we would need those changes to be backwards-compatible and the manufacturer to change their code to match it. However, we recognize the design cycle for games isn't like your home desktop OS... Our expectations are realistic about that.
I'll add again that JJP was an absolute pleasure to work with. Very cooperative and creative in the process, and everyone will benefit from that!