I think for the industry as a whole there should be some penalty or disincentive for going "we're no longer providing updates" and then "we lost the key that gives full access to the system".