At the very least, manufacturers should have to notify all users or via press release when a product has been compromised or can be compromised via a known attack, with maybe some required details like the severity of the breach and possible outcomes.