IoT is already off the rails
This idea that software is inherently full of vulnerabilities and so has to be patched all the time is really a side effect of a relative handful of consumer operating systems. We, the public, have become accustomed to the notion that fixing bugs is a game of 'Whack a Mole' where every fixed bug causes problems elsewhere, opens more vulnerabilities and so on. This might be good eating for product and software vendors but its not the way that we should be treating devices. We can't secure ordinary computers properly so why would we even contemplate spreading the same sorts of vulnerabilities to what are essentially peripherals?
It is true that there are a lot of existing things that lack proper security but they were for the most part designed for an environment where threats were considered unlikely. Securing them should be straightforward provided we can get away from this concept that everything has to be globally accessible by everything else. Experience with 'things' will tell you that you need to trade information volume for information quality, if you don't then you'll get mired in irrelevant data (and there's no point in assuming that 5G will fix that problem for you -- it didn't when connections were wired so its unlikely to economically do the job wirelessly).
Still, I figure that IoT is primarily a marketing exercise mostly implemented in Powerpoint so I'll just keep on doing what I do and wait for something viable looking to turn up....