> If the software is open source i may not receive any updates regardless
If the software is open source, anybody can update it. I use a cellphone from 2012 whose manufacturer abandonned a few years after release. This year alone I got 2 updates for it because I'm running the e.foundation /e/ OS. This wouldn't be possible had AOSP not being open source or its bootloader was locked.
If a vendor supplies bad security updates after six years, I can demand proper updates or perhaps my money back in return for my insecure device.
If the software is open source i may not receive any updates regardless.