I wouldn't touch this with a ten-foot pole without an explicit patent grant. Oracle has misbehaved too much in the past (and present) to ever be trusted again by the open source community in my opinion.
8. Consumers are naive, yes. But the software industry itself is naive about the security threat.
9. The social exploit is part of the code exploit.
10. The FOSS axiom "More Eyes On The Code" works, but only if the "eyes" are educated. FOSS needs material support from industry. A MSFT engineer caught this exploit, but it still was released to G.A. in Fedora 41, openSUSE, and Kali.
11. The dev toolchain and testing process were never conceived to test for security. (edit: also see SolarWinds [1])
= = =
[1] https://www.wired.com/story/the-untold-story-of-solarwinds-t...
That's the whole problem right there: lack of eyes on the code. If this code was actually maintained by more than one person, there's a high chance one of them would have caught on to it.