The negative externalities of owning vulnerable devices need to come home to roost at some point, yeah.
I've chosen to own a "dumb" (read: "reliable") washing machine, and it cannot be used in such an attack. I have to endure the indignity of peeking downstairs to see if I left clothes in it, which is a cost of sorts, but it's nowhere near the cost I'd expect to bear if I bought a vulnerable washing machine and it provided resources to knock Wikipedia off the internet.
What other disincentive to putting vulnerable devices on the internet do you propose?
Are we talking about zero days here or obvious vulnerabilities known for decades but nothing gets done because there’s no cost associated with leaving it insecure? I strongly suspect the latter.
