
It wouldn't help. We need to rewrite our entire infrastructure with security as a primary goal. Then we need to find a way to get people to buy it (assuming of course we can even get anyone to pay for it in the first place). Buy one router for 50 bucks or the secure router for 250 ... I don't think we'll get far.

At the end of the day a few people who can't afford super lawyers go to jail, and meanwhile ubercorp producing cheap routers with bad security continue with business as usual.



I think it's deeper than infrastructure.

It doesn't cost more to not write a SQL injection vulnerability. It just takes a programmer who has a basic understanding of internet 101, and who while writing any line of code involving user input will ask himself "how will these assholes use this to fuck with my system". As long as one line of code can take down your whole infrastructure, and unless all devs of anything serious have a minimum competency level, we are doomed to continue the current path, with a major data leak pretty much every week.

So it will probably take a combination of new, safer programming languages, and minimum proficiency levels, enforced with regulations. I don't like it, but I don't know a better solution, and the status quo is unacceptable.


> It doesn't cost more to not write a SQL injection vulnerability.

It does.

> It just takes a programmer who has a basic understanding of internet 101

Most likely this programmer will cost more than a $10/hr contractor from a third-world country that worked on the software before.


On SQL injections, it doesn't cost more, it just requires using the correct syntax. Pretty much every database framework offers a syntax to avoid SQL injections. They take a negligible amount of time to type over concatenating a string.

On third world country programmers, first I wish only third world country programmers wrote SQL injection vulnerabilities and other easy to avoid mistakes. Then, if you need to audit your accounts or get some engineers to review the structure of your bridge, you will insist on a good reputation / demonstrable competency. If vulnerabilities will land you in jail, you start looking at quotes from software vendors in a different way.
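The "correct syntax" the comment above refers to is a parameterized (bound-value) query. The following is an added example, not code from the thread or from any project discussed in it: it runs the string-concatenated form next to the parameterized form against an in-memory SQLite table with constructed sample rows and a constructed injection payload, so the difference in behaviour is visible on the same input. The table, rows, payload and function names are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original thread).
USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db():
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """String concatenation: the caller's input becomes part of the SQL grammar.

    Deliberately vulnerable, to show what the comment is talking about.
    """
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """Parameterized query: the input is bound as a value and never parsed as SQL.

    The same one line of typing as the vulnerable version, with a placeholder
    instead of concatenation.
    """
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def demo():
    """Run both lookups with an honest name and with a classic tautology payload."""
    conn = make_db()
    payload = "' OR '1'='1"  # constructed injection payload, not a real attack log
    return {
        "honest_vulnerable": find_user_vulnerable(conn, "alice"),
        "honest_safe": find_user_safe(conn, "alice"),
        "payload_vulnerable": find_user_vulnerable(conn, payload),  # every row leaks
        "payload_safe": find_user_safe(conn, payload),              # no row matches
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

With the honest input both functions return the same single row; with the payload the concatenated query becomes `... WHERE name = '' OR '1'='1'` and returns the whole table, while the parameterized query compares the literal string `' OR '1'='1` against the column and returns nothing. The placeholder style (`?`, `%s`, `:name`) differs between drivers, but every mainstream database library offers one.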


The point is that it still costs more, on average, to hire the person who understands how to avoid SQL injection by using the right tools/syntax. The person who only understands string concatenation and basic SQL will always be available to hire.


And again you are assuming that these vulnerabilities are introduced by cheap untrained or foreign programmers. Massive silicon valley firms who pay top market rates make the same mistakes. I am sure there is a correlation between pay level and understanding of security but we are very far from a position where if you hire a team of developers, a business can have any confidence that they won't do something dumb like md5 a password, concatenate a string in a SQL query, rely on user supplied array length in an unmanaged language, not protect themselves against CSRF (I suspect 50% of professional web dev still don't even know what it is!), etc.
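On the "md5 a password" item in the list above, the following is an added example, not code from the thread: it puts an unsalted MD5 store next to a salted, iterated PBKDF2-HMAC-SHA256 store built from the Python standard library (`hashlib.pbkdf2_hmac`, `os.urandom`, `hmac.compare_digest`), and checks the properties that make the second one fit for purpose. The sample password, the stored-record format and the iteration count are assumptions made for the demonstration; pick the work factor for a real deployment from current guidance rather than from this snippet.

```python
import hashlib
import hmac
import os

# Constructed sample password for the demonstration.
PASSWORD = "correct horse battery staple"
# Assumption: an illustrative PBKDF2-HMAC-SHA256 work factor; tune for your hardware.
ITERATIONS = 600_000


def store_md5(password):
    """Unsalted MD5, the mistake named in the comment.

    Identical passwords produce identical digests across every user, and the
    function is fast enough to brute-force offline at very high rates.
    """
    return hashlib.md5(password.encode()).hexdigest()


def store_pbkdf2(password, salt=None):
    """Salted, iterated PBKDF2-HMAC-SHA256 from the standard library.

    The record carries the iteration count and salt alongside the digest so the
    verifier can recompute it and the work factor can be raised later per user.
    Record format is an assumption for this example: "pbkdf2_sha256$iters$salt$digest".
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_pbkdf2(password, record):
    """Recompute the digest from the stored parameters and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$", 3)
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest does not leak the position of the first mismatching byte.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo():
    """Show why the MD5 store is weak and that the PBKDF2 store behaves correctly."""
    record_a = store_pbkdf2(PASSWORD)
    record_b = store_pbkdf2(PASSWORD)  # same password, different user
    return {
        # two users with the same password are indistinguishable in an MD5 table
        "md5_collides_across_users": store_md5(PASSWORD) == store_md5(PASSWORD),
        # the per-user salt makes the PBKDF2 records differ
        "pbkdf2_differs_across_users": record_a != record_b,
        "pbkdf2_accepts_correct": verify_pbkdf2(PASSWORD, record_a),
        "pbkdf2_rejects_wrong": verify_pbkdf2("wrong password", record_a),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(label, value)
```

The salt defeats precomputed tables and cross-user comparison, the iteration count makes each guess expensive, and storing the parameters in the record lets the cost be raised on next login without a migration. Purpose-built password hashes (bcrypt, scrypt, Argon2) are the usual choice in production; PBKDF2 is used here only because it ships with the standard library.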


> I am sure there is a correlation between pay level and understanding of security

Good, then maybe you can see a path forward to stop arguing the opposite?

Yes, it is possible to pay a lot for a little. Developed country, less developed country, wherever. It remains, nevertheless, relatively less expensive to hire an inexperienced coder than it is to hire an experienced one, who has a greater likelihood of being security-conscious. But no formal mechanism prevents the inexperienced coder from finding work cranking out unreviewed programs.



