[dwg]

I'm not saying they should not be required, as I have not thought about this deeply, but in whichever way I imagine this playing out, it seems likely to lead to situations in which people are using some device with a lot of security vulnerabilities that were made much easier to find and exploit once the code was opened up.

[yjftsjthsd-h]

An unmaintained device was always going to be a security problem; at least with open code and a way to install it there's a way to patch problems after the vendor stops providing fixes.

[dwg]

I'm on the same page, but was wondering if there would be any concern about liability on the part of the company that released the code (mandatorily, as suggested).

[fsflover]

Security through obscurity doesn't work.