"[…] It is clear that the current process is based on the learnings, and frustrations, the [#Linux #kernel's CVE] team has faced in the past. […] By taking this position, this effort is now duplicated across thousands of engineering teams ad infinitum, […]"
Well, yeah, but guess what: maybe then the companies behind those engineering teams will join up and invest money to handle the problem "[…] at the source, in a central, efficient and reliable manner. […]". 😬
https://amanitasecurity.com/posts/dear-linux-kernel-cna-what-have-you-done/