Given this market, anyone developing high-security solutions has to lose money on them constantly or charge exorbitant prices to recover their investment. Pretty much only Defense and regulated sectors will buy those. So, the number of high-security products goes down or stays minimal while easily-hacked garbage grows in number. That's all people see to the point that many buyers don't even know something better is possible. Situation keeps reinforcing itself with the buyers all getting what they're paying for or not guarding against.
So, I blame them as much as the attackers if not more than the attackers when it's the same preventable stuff happening. Especially the times it didn't cost extra or what they bought cost more than secure stuff.
Which ones? Are any open-source?
Not open source given only proprietary sector made high-assurance security most of the time. There are some groups that open-sourced stuff after the fact. One whose methods some might emulate is Muen separation kernel. They use SPARK Ada to prove it can't have all kinds of problems. It's also smaller than most things like it.
Perhaps a more apt analogy would be: your house is burgled while you are away. Do the authorities have an obligation to tell everyone in the neighborhood, or just you?