
Security updates for embedded boxes

Posted Jul 10, 2008 16:03 UTC (Thu) by Cato (guest, #7643)
In reply to: Recursive servers, but not proxy servers, affected. by endecotp
Parent article: Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor Patch Released (Securosis.com)

Security updates for embedded systems are poorly managed at present - doesn't matter too much
if it's a DVD player, but now that many embedded devices are Internet connected, it's a real
issue.  One example is dnsmasq, which I already have running on my DD-WRT wireless router, but
have now disabled.  

Niche distros have this problem a lot - much as I like Damn Small Linux and similar distros,
they don't seem to have any security update policy, and it's hard to know which
vulnerabilities exist.  They often run very old software and aren't usually a close derivative
of a mainstream distro, so it's almost certain they have many open vulnerabilities.

Another example is the Eee PC - this runs Xandros, which you would think is easy to update
being Debian-based, but in practice it seems security updates are missing or very late. One
example is a Samba vulnerability from 2007 that was not patched as of Feb 2008:
http://forum.eeeuser.com/viewtopic.php?id=14237

The general point is: how do you make consumers aware of the need for rock solid security
updates for embedded devices, and thereby cause the vendors to actually bother to implement
this properly?  Perhaps a mass of compromised devices due to this DNS cache poisoning issue is
the only way this will happen... Apparently Dan Kaminsky's attack is far more 'point and
click' than previous ones, so in a month or two we can look forward to this being incorporated
in widespread malware and used by botnets.

Maybe this lack of attention to security is simply a sign of an immature market sector - over
time perhaps the standard Linux distros will be ported / adopted, ensuring timely and complete
security updates, but in the meantime Linux on embedded devices may get a bad reputation for
security.

