An earlier post of RERUM already pointed out that the edge of the IoT including the devices is going to remain the main attack surface and battlefield in the foreseeable future, due to the relative vulnerability of the devices being exposed in uncontrolled or difficult to control environments, and because of the resource constrained nature of the edge devices.
A large number of monitoring and control application of IoT devices are by nature fall into the category “fit and forget”, which not only means that they are supposed to stay operational using the same battery for many years, even a decade or longer, but also that their software should be update-able remotely to patch security vulnerabilities discovered during this very extended period of time. (Well, not only. Functional improvement and reconfiguration might also become necessary over time.)
These two observations, in particular in conjunction with each other clearly highlight the importance and necessity of over the air patching and programming of IoT devices, as they mutually reinforce each other. Over the air programming is a clear must to have for IoT devices.