Safety/security costs more up front, but costs less in the long term.
Not necessarily true. If you blindly make producers liable for all risk, and pile on top of that a substantial regulatory framework, you could create costs well above benefits.
I have a friend that makes jam. It's good jam. If she were to sell it at the farmer's market, people would happily buy it. And the sorts of people who buy jam at the farmer's market know what they're getting into. If by some fluke one of the jars doesn't seal properly, they'll deal with it. But in your world, she'd be exposing herself to substantial legal liability, plus the need to comply with a bureaucratic system that proves she has taken all possible steps to mitigate risk. Equipment, procedures, documentation, keeping up with regulations, filing reports. She wouldn't do that just to sell a few jars of jam.
For software, it's even worse. Regulating software creation uniformly is like regulating the creation of things made out of atoms: the variety is too wide to talk about it sensibly. The whole point of writing software is to do new things, which guarantees many risks won't be well understood. And software processes are moving to very fast cycles, where the goal isn't to completely prevent errors, it's to keep any impact very small. Regulation-induced ritual can wreck that.
Customers should generally be able to choose what level of risk they're accepting except where the risks are catastrophic and hard to understand (e.g., flying on a commercial airline). Without that freedom, we won't get small jam producers, we won't get companies that do bungee jumping or skydiving, and we won't get a great deal of the innovative software we now get.