Most of the software industry is still acting like it's the 19th century. "So long as we don't know where the rest of that cow is, we can pretend it's not our problem if more people die". But having the tools and choosing not to use them makes you culpable. Once traceability became practicable in other industries those companies which chose not to make use of it became culpable for the consequences.
And so today when a halogen heater in Dundee catches fire, it can be traced back to see which assembly line, in which Chinese factory made that heater. Records of every change to the manufacturing process, every change of parts supplier, and so on, must all be kept for the lifetime of the product. Because that way they can figure out which other heaters have the same fault, and recall them. If it can't be traced back, the importer may be on the hook to replace every single heater they imported, which will almost certainly mean bankruptcy.
But when a huge entertainment giant ships software to someone, they still say "Oh, we don't know where all the code in there came from. We don't keep proper records of any of that stuff, our procedure is just to slap things together until we get something that works". The product from that supplier who are known to use unlicensed material? Nobody will ever know. The software someone found on GitHub and merged in without checking the license? Ditto.
And it seems there are even people who have sympathy for this bullshit and feel it's an imposition, an infringement of liberty, to insist that _multi-billion dollar software suppliers_ get their act together as much as my local bakery.