US government to insist PCs are secured
This could be a case of government procurement muscle used to effect changes in the supply side. From Techworld
The US federal government has launched a programme that will require federal agencies to insist on security standards from suppliers, a move that some argue will have a far-reaching impact on most large and medium-sized organisations buying PCs. The government confirmed the move in a memo late last month and will roll the programme out in several stages during the course of this year. By 1 February of next year, all federal agencies will be required to use secure software configurations when they deploy Windows XP or Vista.
The scheme matters to the outside world because software suppliers who want to sell to the US government will have to certify that their equipment works on operating systems set up to work securely, said Alan Paller, director of research at the Sans Institute security research centre, in a recent memo.
Currently organisations never know if securely configuring Windows will break their applications. The new US government programme could make things simpler for IT managers by providing clearly understood standard security configurations that are backed up by the federal government’s purchasing power, Paller said.
“It provides the incentive ($65bn/£33bn) in US government IT purchasing each year, and confidence (agreed upon configurations), to allow every software vendor to ensure and affirm the software they sell works on the secure configurations,” he wrote. “That takes the pain out of secure configuration and rapid patching.”
Paller said secure configurations could slow the spread of botnets, reduce patching delays and stop many attacks directly.
“This initiative will affect every medium and large buyer of computers running Windows software,” Paller wrote.
