"because a manufacturer ceasing operation would otherwise leave all hardware orphaned from update, which itself poses significant potential security risks."

What about manufacturers declaring EOL on one year old kit and leaving it with unpatched security holes?

