[adrianN]

Security updates need to be supplied for anything that can connect to a network. Vulnerabilities are anything that allows remote read or write access to the device without the user's explicit consent. Companies need to open source everything needed for supplying security updates before going bankrupt (perhaps setting up a suitable insurance to make sure there is money for work needed to do so). You can't import products that don't meet these requirements, just like you can't import products that don't meet other safety requirements. If the provided updates don't actually fix the problem the manufacturer is liable for all damages. You can't sell things that depend on external servers for normal operation without also maintaining those servers (and enabling community replacement in case of bankruptcy).