Have you seen Kees Cook's data on Linux kernel security flaw lifetimes? Your proposed demands would effectively prevent selling any Linux-based hardware, and would effectively promote closed-source security-by-obscurity (if it hasn't been found vulnerable yet, it's OK to sell).
Something more realistic would be to provide an easy-to-use, secure by default platform that chip vendors could base their BSPs on. A lot of the cheap products base their software more or less directly on the vendor's BSP, and those are frequently some crap thrown together just to get a booting system. It's not unusual to see BSPs still based on some 2.4 kernel, and never updated. Something like Yocto just has a too steep learning curve, and doesn't solve the problem of vendors sticking to outdated versions.
Re: An idea
Something more realistic would be to provide an easy-to-use, secure by default platform that chip vendors could base their BSPs on. A lot of the cheap products base their software more or less directly on the vendor's BSP, and those are frequently some crap thrown together just to get a booting system. It's not unusual to see BSPs still based on some 2.4 kernel, and never updated. Something like Yocto just has a too steep learning curve, and doesn't solve the problem of vendors sticking to outdated versions.