Timely Rollout of Google Security Patches

Because Samsung has been brought into the discussion: their policies on when and how often to supply security updates differ between their model series:

That is why I have written about money: Models from the S series, for example, cost a lot more than those from the A series.

1 Like

Hi everyone,

To answer the concerns raised above: Fairphone has a quarterly release roadmap; however, additional releases may occur in between as a result of partner-specific instances or in the case of emergency releases. For example, in the past 10 months, we have released a total of 10 software updates.

That said, a new release will be made available by tomorrow at the latest.

Regarding our communication about updates going forward: this is trickier to answer, as it is not always easy to tell if a delay might be a day, or a week, or more. But we are looking into how best to communicate this in the future, as well as how this might be done (be it an announcement in the forum or on the website, etc.). So for now, we are still investigating the “how”, but it is our plan to keep you in the loop going forward.

Best,
Rae

17 Likes

Hi Rae,
Thanks for this much clearer answer, this is what I was waiting for and would ask for in the future :slightly_smiling_face:

2 Likes

Why couldn’t we have both?

I was happy to buy a FP3 knowing I will get security updates for 5 years, and I stupidly thought they would be monthly at least until the phone is 2 years old.

Personally, this lack of updates implies it will be my last Fairphone if the situation stays like now. I am sad about it since I really believe in the goals Fairphone has.

1 Like

I am willing to accept that I probably was naive in thinking that “software support for five years” would mean “timely software support for five years”. If I interpret a quarterly release roadmap the right way, this means I will get the up-to-date security patches every three months and be out of date in between? Or am I getting the statement wrong?

Edit: So in the end this wasn't even a release delay, because it wasn't planned to deliver the security patches that are missing anyway? That would at least explain why no reason for any delay was given.

Edit 2: If this holds true I must say that I’m quite disillusioned from my own illusion now. ^^’

1 Like

So, “Keeping your data safe with /e/OS” should have been “Keeping your data safe and getting more timely security updates with /e/OS” :wink: .

2 Likes

We should keep in mind that /e/ OS is not from Fairphone. Installing /e/ OS cannot be “the” solution for everyone who wants monthly security updates for the FP3; in my eyes, it is a lifetime beta without any official support from Fairphone. And beta instances should not be recommended for use by average users. If Fairphone thinks that is the way to go, I will not advise my mother-in-law, aged 71, to buy a FP3.

Thanks for the more detailed answer and for sharing at least some details about what is going on internally at Fairphone. Looking forward to installing the new software which will hopefully contain the July patches, then.

Have a nice evening,
Thomas

1 Like

Hello @formerFP.Com.Manager,

Thank you for your detailed response. I really look forward to updating my phone today :slight_smile:

Thank you also for Fairphone considering better communication about updates. Could you keep us in the loop on this subject?

Greetings,
JuengerJesu

Hi @formerFP.Com.Manager, everyone,

I’m a software developer and security professional (Red Team mostly). So, I’m aware of both how development cycles and project management methodologies work as well as exactly why maintaining a security release calendar is crucial. It is nothing like adding new features, because the bad guys aren’t going to wait around for your next sprint.

The thing is that the monthly security releases from Google almost always close vulnerabilities which have CVSS ratings from medium to high. That’s pretty important, and I was proud that I could talk up my Essential PH1 to my boss since it often got the monthly update before his Pixel would.

Now I have a bit of a problem: as long as this situation continues, I have to hide the fact that I bought a Fairphone from him. Admittedly posting on a public forum under my own name is not very stealthy, but he would have found the situation anyway.

Anyhow, I hope that the situation can be corrected, so I don’t have to give up my FP3.

7 Likes

Hi @teezeh,

This update contains the June 2020 Update.

Greetings,
JuengerJesu

1 Like

Yes. Which is kind of disappointing, since it is almost August. But better than April, of course …

1 Like

@teezeh, @JuengerJesu, how do we get this June update?

UPDATE: I tried again and the June update is available now!

2 Likes

So thank you @formerFP.Com.Manager and your contacts in Engineering. This is an improvement!

I’m not arguing that timely updates shouldn’t be a priority, but it is true that many of the security vulnerabilities discovered are theoretical or need physical access or super-user permissions on a device. A recent example is the “BootHole” vulnerability on Secure Boot devices, which looks pretty dangerous (and it is); however:

The severity of the vulnerability, however, is offset by a few things. First, the attacker must have either administrative rights over the computer or physical access to the machine. Administrator-level control is increasingly hard to gain on modern OSes because of major advances they’ve made to block exploits. Physical access may be easier during border crossings or similar moments when a user briefly loses physical possession of a computer. But the requirement is steep in most other scenarios, making it unlikely many users are affected. What’s more, physical possession greatly restricts the scalability of attacks.

source

This is the kind of news that you should really worry about if you are someone like @Mark_Jaroski, but it will hardly be noticed by the general public (there’s a fix already, by the way).

There are other issues that Google may not be able to fix but which can still affect you, like the recently discovered BadPower vulnerability that targets fast-charging devices and could set your phone on fire (and this is why you should always buy from official stores). It would be nice to know if Fairphone is affected by this, by the way.

Again, I’m not saying that it’s ok to go for months without security updates. Just noticed this thread has gained a lot of attention and some comments seem paranoid to the verge of desperation about it.

My point is, even if there are security vulnerabilities (and they should be fixed as soon as possible), it is not always feasible for an attacker to carry them out, either because each case is unique and takes time to figure out (during which a fix may come out) or because the attack exists only in very specific environments or requires permissions that would already put your device in a bad place anyway, etc.

Once more: I’m not saying that security updates should be optional or that “this will never happen to you so it’s fine if you don’t update your device”. Just trying to bring some light to those who seem really worried about it.

5 Likes

Updates are important. It’s not 2013 anymore, when Fairphone still had excuses not to bring updates. The smartphone is now the outsourced brain where life management takes place.

5 Likes

Ahh, that’s why everyone (including people >70 years) is so crazy about updates. :sweat_smile:

1 Like

Right. :stuck_out_tongue_winking_eye:

So we got a security update with the patch of June… at the end of July, some days before the patch of August is deployed by some phone makers.

I don’t understand why we get quarterly updates for a new phone (Google pushes for monthly security updates for at least two years), but let’s admit it will be this way in the future.
@formerFP.Com.Manager Would it be possible to get them on time? The June update in June or the July update in July :slightly_smiling_face:

4 Likes

Small annotation: The current patch level for /e/ for the FP3 is also June 5th and there was an update only a few days ago. :wink:

4 Likes