> I don't know what the solution is but I really can't imagine a government body able to audit all that code in any meaningful way.
The NSA doesn't seem to have any trouble hiring top-notch reverse engineers. There's no reason to believe that the same approach couldn't work to benefit the country if the combination of mission & budget for competitive salaries were applied to defense instead.
That said, the first thing I'd start with would be much simpler: mandatory support where device manufacturers are required to issue security & reliability updates for 10 years[1] or release all of the source code, tools and signing keys into the public domain so there's at least the possibility of user support.
1. Most people expect a car or major appliance to last at least that long without becoming unsafe.