Comment by aleph_minus_one

> For whatever reason, distro maintainers working for free seem a lot more competent with security than billion dollar hardware vendors

I don't believe that these billion dollar hardware vendors are really incompetent with security. It's rather that the distro maintainers do care quite a bit about security, while for these hardware vendors consider these security concerns to be of much smaller importance; for their business it is likely much more important to bring the next hardware generation to the market as fast as possible.

In other words: distro maintainers and hardware vendors are simply interested in very different things and thus prioritize things very differently.