What should be done? There should be much more severe security-testing requirements. The key is you need to raise awareness that these vulnerabilities do exist and can be exploited, and you need a way of measuring security.