[gruez]

>Then we could begin forcing manufacturers to sell security updates regardless of the age of the device.

Who's going to pay for those updates? It's hard for the economics to work out. It makes sense for handset makers to pour engineering resources into developing and maintaining operating systems when there's millions of customers. How are you going to scrape together enough money when there's only a handful of customers?

[econ]

I thought you had a point but then I remembered how funny it is. If you are dealing with sensitive customer data you shouldn't get to skip security.

It is actually cheap and easy if we change the question: Should you be allowed to run a closed source proprietary platform with insufficient security? After all, if you open it up and let people do what they want it becomes their responsibility.

Bricking the device at a predetermined date isn't very elegant but it would work. Maybe the user should have the option to return it (working or not) and get some money back.

[thayne]

It doesn't have to be that expensive to continue supporting old devices. If all your devices use the same software, and new versions don't add new hardware requirements it wouldn't be that hard to continue supporting old hardware.

But in the current ecosystem every device has its own medley of custom firmware and software that gets abandoned when the maker stops selling that version, and the makers are incentivized to stop updates to drive customers to buy new devices.