I agree. What's broken is liability of those companies relying on open source but not taking responsibility.
One way to hold them accountable is to apply regulatory pressure in case of security breaches, which has started to happen (albeit not nearly enough). Is there any other way I'm not seeing?
I'm not sure. Wouldn't that mean forcing the companies to pay someone to take that liability but not necessarily providing any benefit to the original software developers---like whatever Red Hat Enterprise Linux is called today?
Why should companies pay more than $0 for something the creators ask $0 for? That doesn’t make sense at all. Do you pay more than the asking price for stuff you buy?
Another way would be to enforce open-source requirements for any public spending including/producing code. You want a city to buy your traffic control system? Open source the code first. You want a state to use your voting machines? Open source your code first. Any public money going should necessitate that software being released as open source.
Not only would this lower the risk of fatally flawed public software projects, maintenance of these systems in the long run would also not depend on just one company with an artificial monopoly anymore. This would also create a healthy ecosystem of paid open source developers.
One way to hold them accountable is to apply regulatory pressure in case of security breaches, which has started to happen (albeit not nearly enough). Is there any other way I'm not seeing?