by ClumsyPilot 2380 days ago
Security updates should absolutely be a legal obligation. Their absence enables theft, criminal activity, botnets, etc.

For the same reason we have laws on fire safety, food safety, carcinogens and asbestos. The average consumer may not know or care about their existence. But if we get rid of them all, organised society will collapse.

1 comments

At the very least the manufacturer should tell me in a legally binding statement, for how long a product will be supported.
I can totally get behind them having to enter into a legally binding statement, given that it increases the transparency allowing me to make an informed decision as a buyer.

However I still have difficulty in the grey area between "security" and "other" update...

Well, sure it's grey but it's a finite and definable quantity

Addressing known and reported vulnerabilities would be a start - many routers and phones have known vulnerabilities and can be pwned in minutes.

Then I would include degradation of service - for example, I have a Samsung Blu-ray box that came with YouTube functionality. Within 1 year that didn't work any more because of changes to YouTube. Within a period of time they should be judged to maintain such software degradations.