There is no one person or class of persons who essentially owns this. The problem is a confluence of a number of factors, and so far all I see is fingerpointing as to whose job it is to clean up this mess.
First you have manufacturers that don't give a crap. Their objective is to turn out crap as cheaply as possible, and they only need to work well enough that the customer won't return it to the store.
You have the retailers. Most of whom don't know much about the items themselves. All they care is that customers not return them for being broken or too hard to configure.
You have consumers. They want cheap shit, and it needs to be totally idiot-proof to get working. Some will go out of their way to purchase directly from overseas e-stores just to save a few bucks. If it is too hard to configure, they will return the item, but they will seldom return something because it has default telnet credentials that the user cannot change.
You have ISPs. They added UPNP to their routers to support lamers and other sorts of devices. And you also have ISPs who have not yet added support for the RFC to control forged addresses. And you have ISPs who strongly believe that their job is to deliver packets, and they want no part in filtering anything that comes from a customer machine.
You have the standards body that came up with UPNP. They assumed that people building the objects would do a halfway decent job, and they blindly open up whatever ports the device behind the firewall asks for.
You have the standards body that decided that DNS should be both TCP and UDP. Yeah, I know it is faster, but it is also far easier to do an attack with a forged sender.
And then you have people who run the networks and machines that are under attack. They bear the brunt of it, but for the most part they don't have much of a role.
Given that nobody wants to take ownership of this, to me it means that we will never have complete cooperation. We will never get all of the ISPs on board. We will certainly never get all of the consumers on board, and we will certainly never get all of the retailers on board.