Summarizer

Legal Accountability Framework

Proposals for laws requiring security vetting before release, mandatory operational security standards, and auditing for critical industries. Counter-concern: the resulting liability would make software development legally risky for anyone other than large corporations, since the insurance premiums needed to cover that liability would be unaffordable for small projects.


5 comments tagged with this topic

View on HN · Topics
By holding engineers accountable for the stability and security of their software.

1) Make it a law that companies have to vet their code for security holes before release,
2) Make it a law that companies have to apply operational security best practice on their software products/services,
3) Industry standard automation for improvements to patch lifecycle management,
4) Auditing for critical businesses and industries to ensure safety (both as a national security thing and general safety/reliability/privacy/etc).
Right now all that stuff is optional, so most companies don't do it, which means more security holes, and they take longer to patch.

Basically make software development so legally risky that only multi-billion dollar corporations will ever engage in it.

Legal risk is what insurance is for. You get insured for a small fee and you go about your job. That's how the non-software world operates anyway.

You're assuming the fee would be small. Put yourself in the shoes of an insurance company, deciding what to charge for liability insurance. The potential cost if you have to pay out on the insurance is very, very large: depending on the project, software vulnerabilities can cause millions to billions of damage to the economy. And the chance of you having to pay out is a complete unknown. Unknown chance of having to pay out × large payout amount if you do = very, very high premiums. Or not being willing to underwrite the insurance at all. Remember, insurance is just gambling. The company is betting that the amount of money they'll make from everyone's total premiums added together is greater than the amount they'll have to pay out. Dumb gamblers don't last long. Smart gamblers will evaluate the risk and say "Okay, that'll be $X million a month in premiums", or even "Nope, we won't cover you". Can most open-source projects afford that?