That could become even worse than the original problem... if done badly
Potentially governments could mandate "security theatre" like "secure boot", enabling manufacturers to lock you out of the devices you bought... while in the meantime they still ship their insecure shit, and patch months too late.
It's a problem requiring more technical knowledge than governments usually want to have, plus it has the potential for more surveillance, which governments like.
What we need are mandatory evidence-based minimal security standards. Slowly, but surely those standards get more and more strict, allowing for software manufacturers to adapt to them. Essentially those standards would try to weed out the idiots. If you don't adhere to the standards, you will be accountable for the full damage occurring.
This worked fine for electrical engineering.