The US had one... even invented INFOSEC developing it... that mandated a combo of features, assurance, and pentesting by NSA hackers. Under Computer Security Initiative, DOD combined clear standards for how to do it with financial incentives for market to produce it. The result were quite a few systems produced that survived 2-5 years of pentesting with none at least admitting a hack in the field around 20 years. Standards evolved into EAL6/7 of Common Criteria but red tape and handwaiving dominates. That's because Congress changed acquisition policy to force them to buy more COTS garbage to benefit campaign contributors plus NSA started competing with market under MISSI. High-assurance mostly collapsed.
So, it can be done but politicians are preventing it. Market is bigger problem, though. Burroughs B5000 was first, high-security system nearly immune to code injection in 1961. They did good in market but IBM had better price/performance. That plus more feature improvements is all market will really buy. Something uglier, slower, a few less features, and cost double for the security? Most wont go for that. They usually dont do it even if the software is free and easy to use like a few in FOSS with strong security. So, suppliers are right to keep giving them the garbage they demand until they'll pay for something better.
Note: Companies and CompSci people continue developing higher, security stuff anyway. Just very few of them with commercial stuff costing big $$$ due to low volume/demand and academic stuff delivered in prototype form since FOSS people dont put time in them. Hard to see how it will get better on a large scale.
So, it can be done but politicians are preventing it. Market is bigger problem, though. Burroughs B5000 was first, high-security system nearly immune to code injection in 1961. They did good in market but IBM had better price/performance. That plus more feature improvements is all market will really buy. Something uglier, slower, a few less features, and cost double for the security? Most wont go for that. They usually dont do it even if the software is free and easy to use like a few in FOSS with strong security. So, suppliers are right to keep giving them the garbage they demand until they'll pay for something better.
Note: Companies and CompSci people continue developing higher, security stuff anyway. Just very few of them with commercial stuff costing big $$$ due to low volume/demand and academic stuff delivered in prototype form since FOSS people dont put time in them. Hard to see how it will get better on a large scale.