Hacker News

After maintaining online services, I’m quite sure it’s vulnerabilities. It’s extremely costly after 3-5 years to maintain old software.

Ex: You have a thermostat or an alarm system that runs Debian, Debian gets a vulnerability, you try to upgrade it, but you need to change Debian versions, and your old stack isn’t supported on the newer version. Nowadays you need to keep patching all your old appliances, keep the old domain names and exact URLs, and need to actively look for vulnerabilities. All of that can only be provided by a subscription, not the initial purchase cost:



Perhaps it's too radical, but if this is the main concern, you could still build appliances with Linux that just aren't networked. Take a page out of Battlestar Galactica's playbook.


Or at least, only connect to the local network.


That’s an option for a consumer who knows what a VLAN is, but mass-market appliances need to have some barrier to network access.


My smart home stuff is all Z-Wave and my oldest devices are going on 10 years now. A light switch doesn’t need to be maintained or updated. I guess a hacker could drive up to my house with a laptop and an SDR, reverse engineer the protocol and then, I guess, turn my lights on and off? That’s a security tradeoff I’m willing to accept.



