Perhaps the law needs to be that software needs to be open sourced after some years of product launch or when official support ends - then the community can take over?
Commercial software often contains components licensed from third parties. So a vendor can't really open source their code in a meaningful way without also getting permission from the whole dependency chain. And in practice that's often impossible.
Same as patent law — After 20 years, no protection? Except the cycle is rather 5 years.
As a startup, I’m ok. But customers will be hit by vulns every year, either with the OS or any layer up to my software, and one of them will have to be upgraded.
Stronger than that. When releasing the gadget, require that the firmware source build tree is put in escrow. After 5 years it is opened to enable ongoing maintenance.
The initial release of the gadget is released with firmware built by the escrow build process. This will ensure the company actually provides a tree that builds the real thing.
Good idea, better than classic escrow: With a classic escrow, your customers are incentivized to make you go bankrupt, so that they recover the source code and eat your benefits.
But that doesn’t solve the vulnerabilities and the need to have 0-day updates.
If we collectively agreed to do it, that's not an issue.
You provide a copy to a specified organisation which will keep the physical copy locked until date X. If you release something on the local market and the source is not deposited, you get fined until you do. It would only need regulation - which of course we won't get due to many companies that would fight this idea.
How do you figure? Your position sounds like "oh we made this thing but no, we can't show you how, too hard". That is not generally acceptable in society. Can you point out where I've misunderstood you?
Trade secrets have been an accepted part of society for a long time. Coke and KFC don't have to tell you their formulas. Tesla doesn't have to tell you how Autopilot is analyzing images.
Unless you want patent protection, you have no obligation to show your process.