Hacker News
by nur0n 2808 days ago
I think the inverse argument can be made against shared libraries: if an update introduces a vulnerability, now all programs which depend on that library become vulnerable.
3 comments

Security problems often exist for years at a time.

Rather than making all of those applications vulnerable at the same time, they slowly become vulnerable as the release binaries are linked against bugged code. If it's not linked at runtime, or recompiled, it'll be vulnerable forever.

I would like to think that projects overall tend to fix more bugs than introduce them. It's not like projects go from orderly to disorderly over time.
But some are high-value targets (crypto ones, etc.).
If I write malware, I guess it’s possibly easier to infect one library than thousands of executables.
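The thread's point is about blast radius: a bug in one shared library reaches every process that loads it, while a statically linked binary keeps its own copy and stays on whatever version it was built with. The practical check is to enumerate which executables on a box actually pull in a given library. The script below is an added example, not code from the thread or from any poster: it parses the DT_NEEDED entries of little-endian ELF64 images and lists the binaries that depend on a named library. The sample "fleet" (webserver, sshd, busybox-static) is constructed in memory so the example runs offline; on a real system you would feed it the bytes of files under /usr/bin and friends.

```python
"""Blast radius of a shared-library bug: which ELF64 executables depend on a
given library via DT_NEEDED, and which carry their own static copy.

Added example, not from the thread. The ELF images used here are constructed
in memory (no real binaries); pass real file contents to needed_libs() to use
it on a live system. Assumes little-endian ELF64 input."""
import struct
from typing import Dict, List, Tuple

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB, DT_STRSZ = 0, 1, 5, 10


def _vaddr_to_offset(loads: List[Tuple[int, int, int]], vaddr: int) -> int:
    """Translate a virtual address to a file offset using the PT_LOAD segments."""
    for p_vaddr, p_offset, p_filesz in loads:
        if p_vaddr <= vaddr < p_vaddr + p_filesz:
            return vaddr - p_vaddr + p_offset
    raise ValueError(f"vaddr {vaddr:#x} not backed by any PT_LOAD segment")


def needed_libs(data: bytes) -> List[str]:
    """Return the DT_NEEDED names of a little-endian ELF64 image.
    An image with no PT_DYNAMIC segment (statically linked) yields []."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    loads, dyn = [], None
    for i in range(e_phnum):  # walk the program headers
        off = e_phoff + i * e_phentsize
        p_type, _f, p_offset, p_vaddr, _p, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_offset, p_filesz))
        elif p_type == PT_DYNAMIC:
            dyn = (p_offset, p_filesz)
    if dyn is None:
        return []
    entries, off, end = [], dyn[0], dyn[0] + dyn[1]
    while off + 16 <= end:  # Elf64_Dyn is (sxword d_tag, xword d_val)
        tag, val = struct.unpack_from("<qQ", data, off)
        if tag == DT_NULL:
            break
        entries.append((tag, val))
        off += 16
    strtab_vaddr = next((v for t, v in entries if t == DT_STRTAB), None)
    if strtab_vaddr is None:
        raise ValueError("PT_DYNAMIC without DT_STRTAB")
    strtab_off = _vaddr_to_offset(loads, strtab_vaddr)
    names = []
    for tag, val in entries:
        if tag == DT_NEEDED:  # d_val is an offset into the dynamic string table
            start = strtab_off + val
            names.append(data[start:data.index(b"\0", start)].decode())
    return names


def affected_binaries(images: Dict[str, bytes], lib: str) -> List[str]:
    """Names of images that load `lib` at runtime (they pick up a fix, or a
    regression, at next start); statically linked images never appear here."""
    return sorted(name for name, data in images.items() if lib in needed_libs(data))


def build_sample_elf(needed: List[str], base: int = 0x400000) -> bytes:
    """Construct a minimal ELF64 image: one PT_LOAD plus, if `needed` is
    non-empty, a PT_DYNAMIC segment naming those libraries (constructed data)."""
    phnum = 2 if needed else 1
    hdr_size = 64 + 56 * phnum
    strtab = b"\0" + b"".join(n.encode() + b"\0" for n in needed)
    dyn, body = b"", b""
    if needed:
        offs, pos = [], 1
        for n in needed:
            offs.append(pos)
            pos += len(n) + 1
        dyn_off = hdr_size
        strtab_off = dyn_off + 16 * (len(needed) + 3)  # NEEDED*, STRTAB, STRSZ, NULL
        dyn = b"".join(struct.pack("<qQ", DT_NEEDED, o) for o in offs)
        dyn += struct.pack("<qQ", DT_STRTAB, base + strtab_off)
        dyn += struct.pack("<qQ", DT_STRSZ, len(strtab))
        dyn += struct.pack("<qQ", DT_NULL, 0)
        body = dyn + strtab
    total = hdr_size + len(body)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELF64, LE, version 1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, base, 64, 0, 0,
                               64, 56, phnum, 64, 0, 0)
    phdrs = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, base, base, total, total, 0x1000)
    if needed:
        phdrs += struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, base + dyn_off,
                             base + dyn_off, len(dyn), len(dyn), 8)
    return ehdr + phdrs + body


# Constructed sample fleet (hypothetical names, not real binaries).
SAMPLE_IMAGES = {
    "webserver": build_sample_elf(["libssl.so.1.1", "libcrypto.so.1.1", "libc.so.6"]),
    "sshd": build_sample_elf(["libcrypto.so.1.1", "libc.so.6"]),
    "busybox-static": build_sample_elf([]),
}

if __name__ == "__main__":
    for name, data in SAMPLE_IMAGES.items():
        print(f"{name:16} {needed_libs(data) or '(static)'}")
    print("depends on libcrypto.so.1.1:", affected_binaries(SAMPLE_IMAGES, "libcrypto.so.1.1"))
```

The two lists are the two sides of the argument: everything in affected_binaries() changes behaviour the moment the library on disk is replaced, for better or worse, while busybox-static keeps whatever was baked in at build time until someone rebuilds it. Note the parser only follows DT_NEEDED; libraries pulled in via dlopen() are not visible this way.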