That is, assuming you have plenty of time.

I don't.

Is it too much to ask to have competently built hardware with competent software for a reasonable price enabled by mass production?

I mean, just don't make stupid things like open access to it from a single point of failure where a single engineer can loose their AWS key and enable attackers to access million networks?

Or build devices that overheat placed on an open shelf in home office in truly unreasonably hot Polish climate?

It depends on your experience. For me it didn't require much time at all. You might also consider it a valuable learning experience so worth making the time. I would highly recommend being on top of your own home network as you really never know when networking skills will come in handy.

I have some ops experience but that was 20 years ago. Nowadays if I need to do something like that I have to do a bunch of research and spend a lot of time on it. Which I would prefer spending, for example, with my son teaching him programming.

I can sympathize with people that don't have technical background -- these are practically defenseless.

My question is security updates.

I'm willing to invest time once to get something better working. I'm not willing to invest time on an on-going basis to keep my router secure. My normal router is a !@#$%, but the company does push out security updates.

Most of the DIY projects I've seen require me to do it manually.

opnsense has auto updates, and they are pretty painless. highly recommend it.