It's actually much simpler: don't buy or use software from a vendor that has a track record of vulnerability issues and questionable ethical decisions. I don't use Facebook for this very reason. I did not like something that Zuckerberg said once about his users and decided I could do without the service. It really is that simple.

The whole "if you deliver source code you get to limit your liability" idea looks like a Trojan for open source. Companies should not be coerced into providing their code base to users via regulations. If you don't like that a company does not provide its code for inspection, then don't purchase from that vendor.

This type of regulation would fail in its intent. The day it was enacted, vendors would raise their prices to reflect the new risks involved, and the cost of the regulation would be passed on to the consumer. Further, the markets would securitize the risk in the form of insurance, and that risk and profit would be passed to the financial industry, who can manage the risk portfolio. So the cost gets passed to the consumer, and the increased fees do nothing to further innovation but rather give the financial industry a foothold in software. So we up the cost of innovation by creating the artificial necessity of a middleman that brokers risk with no benefit to either the consumer or the innovator. This is how needless regulation kills a market, and it usually happens due to those clamoring for regulation having a secondary agenda, such as forcing code to be open. Don't get me wrong, sometimes regulation is needed, but regulation should be looked at as a last-resort measure.