Maybe make it a law that company needs to maintain certain level device security via software update for N years for internet connected devices.
Or they are required to release those device's source code to (and pay for) the "communities" for the maintain the security updates.
If they don't do it, they are responsible to damage caused by those devices because of security issue or the customer's loss of data/privacy due to hacking by 3rd parties.
Similar to recent case where "food processor" company is liable if the blade is cracked into pieces into the processed food after a few years.
Or they are required to release those device's source code to (and pay for) the "communities" for the maintain the security updates.
If they don't do it, they are responsible to damage caused by those devices because of security issue or the customer's loss of data/privacy due to hacking by 3rd parties.
Similar to recent case where "food processor" company is liable if the blade is cracked into pieces into the processed food after a few years.