1) Make it a law that companies have to vet their code for security holes before release, 2) Make it a law that companies have to apply operational security best practice on their software products/services, 3) Industry standard automation for improvements to patch lifecycle management, 4) Auditing for critical businesses and industries to ensure safety (both as a national security thing and general safety/reliability/privacy/etc)

Right now all that stuff is optional, so most companies don't do it, which makes more security holes and it takes longer to patch.

Basically make software development so legally risky that only multi-billion dollar corporations will ever engage in it.