In my opinion, the push needs to come from insurance companies. Until people are sued for a lack of security in their software, it's unlikely anything will change. Once insurance companies can charge more for poorly written software insurance, we'll see a shift.