No it's not. I can't sue Microsoft for preventable, buffer overflows in Windows. The evaluations they target that government accepts dont even look at the source. There's no software liability or source-based evaluation requirements for mass-market software at the moment.
Matter of fact, NSA's new scheme only requires 90 day evaluation at EAL1 (certified insecure).
Matter of fact, NSA's new scheme only requires 90 day evaluation at EAL1 (certified insecure).