it isn't like there's "Google Chrome" and "Russian Chrome", everyone in the world runs the same software with global distribution channels. and if the solution is "well, we'll make software distribution tied to geographic regions" how well do you think that's going to work, especially when there's a dynamic of "if you can get the Chinese Internet Explorer it will have way fewer bugs than the American one, and you can diff the two to find the bugs?"
1. US military hardware runs different software than Russian military hardware.
2. There are major geographic differences in the software, hardware and architecture of Industrial Control Systems. Not to mention vulnerabilities that might only exist in certain configurations which are common to the contractors building those systems.
3. Major powers are developing their own GPS satellite constellations. Some countries develop their own satellite software.
4. Most web applications are customized to the client.
5. Due to fears of hardware backdoors, it is looking like we might seen a balkanization of communication hardware (internet routers, etc). Note that their are already geographic and regional differences in cell and phone communications.
6. S. Korea's legally mandated https encryption, SEED, is not used outside of S. Korea. An attack on SEED software would be very specific to that country.
You are correct though in the notion that much of the consumer OTS software is global in scope. It really depends on the vertical you are attacking.
what planet do you live on where this distinction can be made?