
Then go the opposite route. South Korea fines companies thousands of dollars every day a vulnerability isn't fixed. Security is one of those areas where negative reinforcement works better than positive reinforcement.



Mind providing a source? (Tried to Google it but didn’t find any relevant info.)

I can think of multiple situations where a vendor from SK has left things unpatched for months, and sometimes years.


Sure, I'd be fine with that, but that's going to have knock-on effects on developers because they're the ones writing the code and therefore the vulnerabilities / bugs. Software engineering would turn into something like civil or aerospace engineering or medicine, where practitioners are required to be certified in various ways, either they or their employers carry liability insurance for bugs they write, and endure onerous processes / audits that their employers and insurers demand of them to reduce the risk of bugs. That I'm fine with too, since there's so much crap code being churned out, but most software developers probably wouldn't be.


"thousands of dollars every day" does not a negative reinforcement make. That is not even a rounding error for even mid-sized companies.


Then use 1% of revenue or 2K per day, whichever is greater.


So after 4 months, the company would lose more than their entire revenue?


Why not?

A $20k car can do far more than $200k in damage.

We don’t limit liability to the price of the vehicle.


The equivalent would be a $20k Ford resulting in a $1,762,000k fine.


Yeap, should deter building vulnerability-riddled solutions.



