ahlCVA an hour ago

Whenever one of these vulnerability apocalypse posts comes along I cannot help but think of the Litany of Gendlin:

  What is true is already so.
  Owning up to it doesn't make it worse.
  Not being open about it doesn't make it go away.
  And because it's true, it is what is there to be interacted with.
  Anything untrue isn't there to be lived.
  People can stand what is true,
  for they are already enduring it.

I cannot wrap my mind around why people think finding vulnerabilities is bad. The code already was broken before somebody published the vulnerability. The difference now only is that you know about this.

Imagine somebody finding a flaw in a mathematical proof and everybody being sad because a beautiful proof got invalidated rather than being glad future work won't build on flawed assumptions.

I get that the rate of vulnerability discovery can be a burden, especially for people doing FOSS in their spare time, but the sustainability problem with that has always existed and only gets exacerbated by the vulnerability stuff; the latter isn't the cause you need to make go away.

esseph 11 minutes ago

The vulnerability looks like a failure on the dev team's part.

The patching cycle can become a problem for certain operations / industries.

Everybody hates the work, and security is often seen as a barrier and a cost center, not a driver of revenue.

bell-cot 32 minutes ago

> I cannot wrap my mind around why people think finding vulnerabilities is bad. The code already was broken before somebody published the vulnerability. The difference now only is that you know about this.

Try binge-watching old Star Trek episodes, to see how Spock deals with the illogical 99.9% of humanity?