Comment by romaniv
6 hours ago
What this shows me (again) is that the whole system where vulnerabilities need to be constantly discovered, reported, analyzed, then patched, then the new version distributed to every single user - again and again - is quite obviously unsustainable. The industry must come up with some alternative system for dealing with bugs and security issues. Currently the industry prefers to play dumb and turn its own failures into a profit (rent seeking) opportunity.
What's the better solution?
Also, what's an example of this rent seeking in open source you're talking about?
> What's the better solution?
IMO writing correct software the first time around - so formal methods.
But the tooling isn't there yet (though lightweight versions, e.g. strong type systems like Rust's, are, and significantly reduce the security issue load).
I think you're right, and the solution is security through compartmentalization. See: https://qubes-os.org.