Would you blame the people who paid for the bridge for the collapse? Should they have understood the details and flagged where corners were cut.

When it comes to critical system I think it's fair to say that the engineers who build it are the only ones who can fully understand the risk.

This is the point behind accreditation. It forces the supplier to maintain a minimum bar for services to protect the reputation of the industry.