It's fun to say Android is fragmented on the Internet. All the cool kids and blogs do it, they even make fancy misleading charts about it. While there's more than one side to the argument -- choice versus fragmentation -- only the most rabid fanboy would say that it doesn't exist. I tend to think the whole issue is living with the choice you make. If you want the "Android" experience, buy a Nexus phone. If you prefer the experience an OEM offers, buy one of their phones. Both are the right choice. But there's an underlying issue that gets forgotten when we talk about updates and versions -- security patches.
The diversity of Android gives us a chance to have this user experience regardless of the platform version it's built from. That doesn't make the want for the new software any less, but it a fair trade for most people. Ice Cream Sandwich looks a whole helluva lot like TouchWiz 4. Security issues are another matter entirely. HTC had a recent issue about user privacy, have a read if you aren't familiar (be sure to read HTC's response as well). They caused it. They quickly pushed out a patch to at least one carrier to address it. All security issues need to be addressed this way. If HTC, or, Samsung, or LG, or Motorola -- whomever -- builds the OS and sells it to the carrier, they need to follow up with security patches in a timely manner -- either by updating their base to the latest Android version and building their OS with it, or patching the issue themselves with the current code base. Users deserve the benefit that patches to the bootloader, or browser, or whatever, much faster than companies and carriers get them rolled out. Yes, that responsibility is shared by the carrier as well. While they aren't the people responsible for updating the code and building the operating system, they are the people that accept your money for the device. Carriers and OEMs need to work together to keep the phone secure for the life of the product, even if they don't work to keep the software version current.
On the enterprise side of things (something that OEMs are starting to take more seriously), this becomes critical. Companies simply can't sit back and ignore the fact they aren't getting security patches, because their money is on the line. Documents, contacts, and communications need to be secure as possible, and when cracks in the armor are found, the patches need to come quickly. They don't, and this is a problem.
I know that making sure your phone isn't susceptible to the latest bootloader hack isn't near as glamorous as getting Ice Cream Sandwich, or even Gingerbread. These few words can't make that happen. But I think we need to be pointing out the right issues -- not having a phone that is secure for the life of its contract is one of them.