What this shows me (again) is that the whole system where vulnerabilities need to be constantly discovered, reported, analyzed, then patched, then the new version distributed to every singe user - again and again - is quite obviously unsustainable. The industry must come up with some alternative system for dealing with bugs and security issues. Currently the industry prefers to play dumb and turn its own failures into a profit (rent seeking) opportunity.

▲

jjice 6 days ago | parent | next [-]

What's the better solution?

Also, what's an example of this rent seeking in open source you're talking about?

	▲	gpm 6 days ago \| parent [-]
		> What's the better solution? IMO Writing correct software the first time around - so formal methods. But the tooling isn't there yet (though lightweight versions, e.g. strong type systems like rust's, are and significantly reduce the security issue load).

▲

fsflover 6 days ago | parent | prev | next [-]

I think you're right, and the solution is security through compartmentalization. See: https://qubes-os.org.

▲

lofaszvanitt 5 days ago | parent | prev [-]

Yeah, pay the foss maintainers. Anyone, who uses these projects must pay a minimum fee. Companies expected to pay a lot more.