It wasn't backwards incompatible, it was outright designed to cause chaos. If an open source maintainer pushes an update that intentionally starts killing whatever processes it can or intentionally fills up the disk with garbage, is that not an attack? How is an update that intentionally infinite loops, printing garbage to stdout any different? There's very much someone to point a finger at: he went out of his way to cause chaos.
Does that mean corporations have no responsibility? No. But it's also the case that we live in a society and your ability to wreak havoc because you can shouldn't be empowered.
Does that mean corporations have no responsibility? No. But it's also the case that we live in a society and your ability to wreak havoc because you can shouldn't be empowered.