AndyC wrote:
But there has to be a point where you accept that a company (in this case Sony) can't be held responsible for flaws in a piece of technology that they bought from a third party in good faith.

If not, then we're all doomed.
To some extent I agree, but not in this particular case. Installing a rootkit wasn't some innocent mistake that slipped past the engineering teams, but rather it was an explicit design decision to undermine the integrity of customer's computers. If we can't expect companies to insure that their solutions--including any licensed third-party components--don't intentionally break things, I think we're in a lot more trouble.