This, although commendable, is unworkable. Exchanges will not sign up to a policy over which they have no control and there is no clear control/revision mechanism. Indeed an exchange may implement its own policies which are more technically and practically secure.
If you try to put a series of rules in place, they will serve as an excuse for more thefts/losses. "We did X according to the standard, but still got robbed".
The only standard there needs to be is "Don't steal or lose people's money". And as we all know, even this is optional.
BB.
My guess is that when presented with a BOSS business and a competing business, the BOSS business will attract more customers. Competition ensures most companies will do the right thing and WANT to attract confidence in their business.
If I'm wrong and everyone wants to keep the current state of affairs, then Bitcoin may not be able to compete with the fiat world and will remain a hobby among the few thousand users here.
"We did X and got robbed"
That's most certainly going to happen, but less frequently than without BOSS. And everytime it happens, we can amend BOSS to mitigate the newly identified risk.