To me, thats the minimal necessary solution in case of a vendor going bankrupt but there should be a mandatory minimum Support window after the last sale of a device by the manufacturer and that should be non-trivial for security issues (say 10 years).
"And that, my boy, is how we killed the market for hardware startups. We raised the barriers to entry to the point that no one was willing to compete with the giants."
"And that, my boy, is how we figured out that you can make laws that scale with company size, thus keeping hardware startups from that requirement but making sure big megacorps couldn't abuse their market position"
