I wasn’t talking about OEMs - and companies who do somewhat care about vulnerabilities already have policies in place only allowing specific device vendors and specific OS versions. There might be a tiny bit more once that gets hooked into some automation, but probably pretty much negligible. If you have a 5 year old device and your vendor isn’t patching it anymore getting rid of it is the right choice, with or without looking at specific vulnerabilities.
I wasn’t talking about OEMs - and companies who do somewhat care about vulnerabilities already have policies in place only allowing specific device vendors and specific OS versions. There might be a tiny bit more once that gets hooked into some automation, but probably pretty much negligible. If you have a 5 year old device and your vendor isn’t patching it anymore getting rid of it is the right choice, with or without looking at specific vulnerabilities.