by ghaff 2452 days ago
They're not necessarily lemons at the time of sale though. In general, we don't legislate that products need to be upgraded and maintained after they're sold. (Yes, there are lemon laws and warranty requirements for defects--which are at least related.)

However, how would you feel about legislation that required five years of dealer service to be included with every automobile sale? Or other products in a similar vein?

There is an idea of harm to the ecosystem/society with unpatched IoT and other network devices though. So perhaps a heavy-handed approach is justifiable.

1 comments

They were lemons at time of sale, though, we just didn't know it yet. Between that and the ecosystem/society argument, I think it's a no-brainer.

> However, how would you feel about legislation that required five years of dealer service to be included with every automobile sale? Or other products in a similar vein?

This analogy doesn't work for me; software bugs are defects, they aren't something getting old and falling apart. I think that a defect in an automobile should be repaired at manufacturer expense whether it's a year old or twenty.

The operative difference is that intelligent adversaries are not coming up with new and better methods of making your bumper fall off.

The economics of providing 5 years of defensive patching on a $100 device simply does not work.

Maybe they need to stop shipping a dozen different $100 models with wildly different specifications and come up with a common platform to reduce support costs, like most other industries.

Support costs increase as fragmentation does; if things were sold at a reasonable price and without dozens of variations it would be more feasible to maintain longer supported life cycles - but these companies have no incentive to think beyond the next quarter’s earnings call.

> The operative difference is that intelligent adversaries are not coming up with new and better methods of making your bumper fall off.

Not yet.

Then maybe they shouldn't be able to make a profit on doing society wrong in the medium or long term.