Alternative take: users have no standard way to understand a product’s security posture and whether that posture is continually maintained. What would a “product recall due to internal security issue” look like for software?
“Users have a remarkably low baseline for caring about security.”
https://cyberweekly.substack.com/p/cyberweekly-247-delivering-what-the