FierceComplianceIT

Hold vendors accountable for buggy software?

So what's on the recently released list, from MITRE and the SANS Institute, of the 25 most dangerous programming errors? Things like cross-site scripting, failure to preserve SQL query structure (better known as SQL injection), improper limitation of a pathname (path traversal), and improper validation of an array index. In short, a lot of stuff that most of us are not going to easily understand. But the point of the list is to generate awareness that routine mistakes "have been the cause of nearly every major type of cyber attack, including recent penetrations of Google, power systems, military systems, and millions of other attacks on small businesses and home users."
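To make two of the error classes named above concrete, here is an added example (not code from MITRE, SANS, or the article) that puts a vulnerable function beside its hardened form for "failure to preserve SQL query structure" and "improper limitation of a pathname". The database table, user rows, directory and file names are constructed for the demonstration only.

```python
"""Two of the CWE/SANS Top 25 error classes, each shown as a vulnerable
function next to its fixed version. Added example for this page; the
database contents, directory layout and file names are constructed."""
import os
import sqlite3
import tempfile


# --- Failure to preserve SQL query structure (SQL injection) ---

def make_db():
    """Constructed in-memory database with three sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn, name):
    """Untrusted text is pasted straight into the SQL, so a quote in the
    input ends the string literal and the rest of the input becomes SQL."""
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Parameterized query: the query structure is fixed before the value
    is bound, so the input is compared as a literal whatever it contains."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# --- Improper limitation of a pathname (path traversal) ---

def resolve_vulnerable(base_dir, requested):
    """Joins an untrusted name onto the base directory with no check on
    where the result lands; a '../' component walks out of base_dir."""
    return os.path.realpath(os.path.join(base_dir, requested))


def resolve_safe(base_dir, requested):
    """Resolves the path first, then refuses anything outside base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory: %r" % requested)
    return target


def demo():
    """Runs both pairs against hostile input and reports what each did."""
    conn = make_db()
    payload = "' OR '1'='1"  # classic injection string, no real user has it
    results = {
        "sqli_vulnerable_rows": len(lookup_vulnerable(conn, payload)),
        "sqli_safe_rows": len(lookup_safe(conn, payload)),
    }
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "public")      # the only directory to serve
        os.mkdir(base)
        secret = os.path.join(tmp, "secret.txt")  # sits one level above it
        with open(secret, "w") as f:
            f.write("not for download")
        traversal = os.path.join("..", "secret.txt")
        results["traversal_vulnerable_escapes"] = (
            resolve_vulnerable(base, traversal) == os.path.realpath(secret))
        try:
            resolve_safe(base, traversal)
            results["traversal_safe_blocked"] = False
        except ValueError:
            results["traversal_safe_blocked"] = True
        results["normal_name_allowed"] = resolve_safe(
            base, "index.html").endswith("index.html")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With the injection payload, the vulnerable lookup returns every row in the table while the parameterized version returns none; with the `../` name, the unchecked join resolves to the file above the served directory while the checked version raises. Both fixes are mechanical, which is the point of the list: these are routine mistakes with routine remedies.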

A global effort to eliminate these programming errors is billed as the first step against organized cyber criminals. The experts behind the list would like enterprises to put pressure on their software vendors by writing procurement contracts in which the vendor commits to delivering software free of these bugs.

It would be hard to quibble with this from a purchaser's point of view. I would think that vendors would come up with their own pledge, to underscore their commitment to avoiding these errors. At some point, as these issues gain more attention, we may see more attempts to hold vendors legally liable for losses.

For more:
- here's a Computerworld article
