No it's not. I can't sue Microsoft for preventable, buffer overflows in Windows. The evaluations they target that government accepts dont even look at the source. There's no software liability or source-based evaluation requirements for mass-market software at the moment.

Matter of fact, NSA's new scheme only requires 90 day evaluation at EAL1 (certified insecure).