The industry is a sewer
Exploit hunters are the bacteria (good and bad) growing in there.
Project Zero was created by Google to embarrass the competition into getting their act together.
Guess which provider is doing the worst at having their act together according to Project Zero's (admittedly extremely rough) metric?
But the core issue boils down to three facts:
1) Companies exist to make money for their shareholders.
2) Security is expensive.
3) Consumers have no ability to evaluate security.
My least-favorite tool to fix problems is the government. But I don't see any other way to address this.