
I think a more feasible tactic would be to reverse the responsibility so that vendors that produce easily broken products end up liable for damages unless they can show that they have done due diligence when it comes to securing the devices that they create. One way to get away from liability would then be to be vetted by a reputable security company.


In theory this sounds good, but I'm afraid in practice, very quickly a market of a few giant "reputable" security companies would emerge, and it will include charlatans rather than people who really know what they are doing. In the end, it will look like rating agencies who were giving AAA left and right in 2008.

However, maybe a system like that would have improved at least the prevalence of the most glaring security holes.



