How does one use "legal liability or tax breaks to motivate manufacturers — especially makers of operating systems" to alter the actions of open source developers? If someone looses revenue as a result of the Debian key vulnerability do you hold the Debian foundation liable? How about the volunteer programmer that altered the OpenSSL implementation? That doesn't seem workable.
Also, "mandating minimum computer security standards and by requiring Internet service providers to deny or delay Internet access to computers that fall below these standards" means that Comcast is going to be disconnecting an awful lot of not very technically savvy folks. This doesn't seem likely to play well in the proverbial Peoria.
See here: http://www.kk.org/cooltools/archives/001414.php