The most important point is - companies must guarantee their products
"Software liability need not be punitive, but there must be some way to get companies to take responsibility for their flaws, Moss argued. Without that, nothing in the industry will change."
If the fault is that their software was not sufficiently hardened then the vendor should be sued to the extent of the damages.
If this is applied broad-spectrum, it would mean that an application that didn't properly vet buffers for overruns and subsequent code execution could be sued.
Same for containers, VMs, commercial libraries/DLLs.
Same for OS vendors and hardware donglers. Same for routers and other peripheral products.
If there is an open disclosure in the T&A (not tits-and-ass) that the vendor is not responsible for any faults in its products, then that's fine. But let's watch them go out of business (maybe except Oracle, MS, etc.)
If the product is completely open source and the user agrees that they are responsible for the use of said product, no fault.