Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape further, the Forum on Cyber Resilience hosted a workshop featuring invited speakers from government, the private sector, and academia. This publication summarizes the presentations and discussions from the workshop.Table of ContentsFront MatterWorkshop Introduction1 Policy Considerations: The Intersection of Public Values and Private Infrastructure 2 Technical Considerations for Secure Software Updates3 Microsoft's Approach to Software Updates4 Update Issues for Open Source Software5 Cisco's Approach to Software Updates6 Ensuring Robust Firmware Updates7 Updates in the Consumer Electronics Industry8 Software Updates in Automotive Electronic Control Units9 The NIST Perspective on Software Updates10 Protecting Consumers from Software Update Risks11 DiscussionAfterwordAppendixesAppendix A: Workshop Agenda and Participants ListAppendix B: Steering Committee BiographiesAppendix C: Speaker Biographies