Comment by mnau
What would be the point of open sourcing it? Serious question.
Custom DIY ROM might interesting to some geek out there, but it does nothing for security. There is no automatic update and some custom ROM is never going to get it anyway.
Security through obscurity is a better option in this case.
It would be nice for the community, so they can at least try to fix things.
But mostly, I think it would clarify the responsibility and obligations for support. Obviously a device which hasn’t been opened up can’t possibly be the responsibility of the user, who is locked out and unable to administer it. By default manufacturers should be responsible for the things they manufacture and should have an obligation to make sure they are reasonably free of defects. Devices with known security vulnerabilities are defective.
If they want to release themselves of that responsibility, they should have to actually make it possible for somebody else to pick it up.