Google has committed to delivering 5 years of software security updates to Nest products. This finally gives us a sense of how long Nest products will be supported for, as previously, Google never confirmed how long they'd support new products after launch. For example, the Google Home Hub (renamed to the Nest Hub after launch) launched in 2018, and we now know that it'll be supported until at least 2023.

We issue critical bug fixes and patches for at least five years after launch. We work hard to respond to the ever-changing technology and security landscape by building many lines of defense, including providing automatic software security updates that address critical issues known to Google Nest.

This announcement comes in a blog post, which outlined Google's commitment to security and privacy for its Nest products. The post highlighted some of the ways that Google says shows how it values user privacy and security, though some of the statements simply rehashed old promises.

For example, Google notes that Nest products are covered under the Google vulnerability reward program, a bug bounty program that rewards researchers who find vulnerabilities in Nest products.

Google also announced that Nest devices introduced in 2019 or later are validated using third-party, industry-recognized security standards such as those run by the Internet of Secure Things Alliance (ioXt). Validation results for those tests are available, and in the Nest Hub 2nd generation's report, the NCC Group asked Google to clarify the "earliest possible date that it will no longer be supported via security patches". It seems that this recommendation is partially why Google is announcing its commitment to software updates to show it is serious about security.

Lastly, all devices released during and after 2019 use verified boot to verify the integrity of firmware running on the device, too.

All of Google's security commitments are visible in the new Nest Safety Center.