Symantec really needs to be made a example of. If there aren't serious consequences for this inability to create secure security products, companies will continue to get rich off of creating insecure software. Symantec fixed the bug this time but I doubt they will create more secure software in the future.
To be honest, it really is. In the non-digital world, it would be the equivalent of finding out that a company which provides security services, had accidentally allowed its services to be provided to kidnap or kill their own principles.