How to fix the military's software SNAFU (defenseone.com)
2 points by wolverine876 on April 5, 2024 | hide | past | favorite | 3 comments


> The second approach is organizational. For example, Iron Bank currently offers only one price to its users: free. While this may seem “low cost,” software companies have no motivation to provide secure and high-quality components to Iron Bank because they cannot charge. If Iron Bank created “private” repositories that allowed companies to charge for access to high-quality software building blocks, it seems likely that Iron Bank images would have dramatically fewer known vulnerabilities.

Ah yes, because this is historically what has happened.


Yes, it's laughable for anyone who's in IT, and the author is in IT. It's nonsense. And then see yet another article making the same argument:

https://news.ycombinator.com/item?id=39947843


This article is the third I've seen where proprietary vendors, after the xz backdoor, try to claim that FOSS is inherently insecure. For example,

> the U.S. military is shipping software that is insecure and contains many known software vulnerabilities—CVEs, in software-speak.

If you use proprietary applications, it's true that you'll have fewer CVEs. And of course, nobody at another company ever discovered a backdoor in their proprietary applications.

(In case you don't read the tone: /s)



