That depends on the way legislation is written of course. If you provide an open source package for free, there's no real transaction so you can't claim responsibility from anyone. Same if it's a free closed source product. But, if you sell software and neglect security issues within the warranty of said product, you should be held accountable, open source or not.
Such legislation should not be there to allow (class action) lawsuits but should be upheld by a government body, responding to complaints from the general public.
Problems with open source can also be solved by requiring companies who do not wish to take responsibility to give users the choice to either sign a waiver (explicit, no TOS bullshit) or return the product immediately in exchange for money back. With open source software, there is no money given, so no problem. With closed source software, this highlights the vendor's behaviour regarding security support and might make consumers think twice before going with certain vendors.
Another way to do this would be to require vendors to put a clearly visible, standardised sticker/tag/image on their products detailing the support life cycle (warranty / software updates / security updates), similar to the nutrition information found on many food products. That way, consumers can shop around or hold a company responsible if their smart thermostat suddenly stops working because the company behind it got bought out by Google.
There are tons of variations of bases for legislation, but I don't see why physical and digital goods are that different.
If my CCTV system short circuits and causes a fire, the company behind it can be held responsible for not recalling the devices if the flaw was well known. If my CCTV camera has a known flaw that lets hackers in without authentication to record my alarm code so that they can break in, suddenly we're in the wild west of software support where you're on your own. Why is there such a difference?