> If we can't stop the vulnerabilities getting into people's homes in the first place, can we at least fix them afterwards?
Yes. You do this by not-having anything for which the software _cannot_ be maintained. It doesn't necessarily have to _be_ maintained or have updates be available from any particular party (e.g. the vendor or manufacturer). There only needs to be a total and complete lack of barriers which might _prevent_ any interested party from performing the software maintenance. Then, if people want the maintenance enough, someone will do it. (Maybe for money, maybe not.)
If barriers to maintenance exist, you use government force to remove the barrier. Nobody can make a case for lack of software maintenance being a desirable, or even tolerable, thing.
Allow maintenance
Yes. You do this by not-having anything for which the software _cannot_ be maintained. It doesn't necessarily have to _be_ maintained or have updates be available from any particular party (e.g. the vendor or manufacturer). There only needs to be a total and complete lack of barriers which might _prevent_ any interested party from performing the software maintenance. Then, if people want the maintenance enough, someone will do it. (Maybe for money, maybe not.)
If barriers to maintenance exist, you use government force to remove the barrier. Nobody can make a case for lack of software maintenance being a desirable, or even tolerable, thing.