Again, it seems we basically agree on this one in principle, but again, I'm perhaps a little wary in practice. When we start talking about regulating software development, and so recognising accepted good practice in some way, that implies that there is someone qualified to judge what good practices actually are and some reasonable basis for determining what the regulations should be. My personal view is that I'm optimistic about the future but we're not there yet.
In particular, suppose we tried to move in that direction tomorrow, or maybe we even went as far as making software development a proper engineering discipline and a licensed profession. I think the kind of people who would find their way into the influential regulatory positions probably would not be the people who were actually best qualified to advise on such issues, not least because they're busy building useful software. Instead, I think you'd get the dreaded consultants -- not the legitimate ones who really do have wide experience and now make a living sharing it to help others, but the ones who are more politician than engineer, engaging speakers and writers, always quick to tell others how they should write software, yet typically having built relatively little of their own and having little actual data to support their recommendations. (I have this vision in my head now of some Extreme Agile Craftsmanship Consultant telling guys who have been writing security-sensitive networking stacks for 30 years how in future they should TDD their way to the basic functionality and then add "security" on later, and as long as the tests are still passing they can just ship right away.)
This isn't to say that the underlying problem is not serious. The idea that everything should be connected and the idea that security and privacy concerns are being adequately addressed by today's market is a terrifying and potentially extremely dangerous combination. As a geek, I'm able to protect myself and my family to some extent by avoiding a lot of the junk, but obviously most people don't have that advantage and general public awareness of the real implications of these modern trends is still disturbingly low.
I wonder whether a useful way forward in the near future would be some sort of voluntary endorsement system to help raise that public awareness. You don't have to absolutely require following lots of specific regulations, but maybe those who can demonstrate that they at least meet some basic, uncontroversial standards get to label their products with some sort of reserved mark, and then maybe customers start asking why some other product doesn't come with, say, a money-back guarantee and extra compensation in the event of certain bad things happening.