I've been following the discussion with quite a bit of interest. What had become crystal clear to me is that nobody here has been looking at the problem from the perspective of the manufacturer, particularly how they actually get product to marked. A la "Dilbert". The engineer's credo: "Why build it when you can buy it?" I doubt very seriously that manufacturers are starting completely from scratch when they design their IoT product. They buy this piece, they buy that piece, they buy this hunk of software, they buy these hardware components. Slap them together, and you have your product. That being the case, the question of "what happens when the company goes bankrupt" becomes less of an issue so long at the company who supplied the IP stack is still around. By government implementing some not-unpleasant rules, the companies can outsource the IP stack portion, including updates. Then the manufacturers can concentrate on the value add stuff. For durable goods like refrigerators and thermostats, you could require that the IP-capable part be in a plug-replaceable module, so that all the customer needs to do is go to Home Depot or wherever and get a replacement module. Instant update! The back end of the module would be a well-defined API so the manufacturer can do his product, divorced from the Net stuff. Indeed, it wouldn't take long for the various industry associations to codify what the modules should look like, both physically and electrically. The semiconductor industry did this big time in the TTL days. There is precedent. So what if your washing machine is working perfectly well 15 years into its lifecycle. You replace the network module and get the latest and greatest security updates. Light bulbs are harder, but even then there is an opportunity for someone to market an "industry standard" interface that can be upgraded easily and cheaply. By the original software vendor. Can someone say "IoTsoft"?