The area of Internet of Things (IoT) is growingand it affects a large amount of users, which means thatsecurity is important. Many parts of IoT systems are builtwith Open Source Software, for which security vulnerabilitiesare available. It is important to update the softwarewhen vulnerabilities are detected, but it is unclear to whatextent this is done in industry today. This study presentsan investigation of industrial companies in the area ofIoT to understand current procedures and challenges withrespect to security updates. The research is conducted asan interview study with qualitative data analysis. It is foundthat few companies have formalized processes for this typeof security updates, and there is a need to support bothproducers and integrators of IoT components