I particularly like "Strategic Objective 3.3: shift liability for insecure software products and services"

"Companies that make software must have the freedom to innovate, but

they must also be held liable when they fail to live up to the duty of care they owe consumers, businesses, or critical infrastructure providers.

Responsibility must be placed on the stakeholders most capable of taking action to prevent bad outcomes, not on the end-users that often bear the consequences of insecure software"