[arunc]

It takes an expert to know that there's vulnerability. Whereas construction engineer can "see" the pothole and so they can fix it. Software engineer has to "know from exploits" that there's a vulnerability so they can fix it. It's not far away when OS are written in memory safe languages like Rust.

[pjmlp]

You mean far away like 1961?

https://en.m.wikipedia.org/wiki/Burroughs_large_systems

Nowadays still being sold to governments that care about security.

https://itupdate.com.au/page/unisys-clearpath-mcp-unsurpasse...

https://www.unisys.com/ms/client-education/course-catalog/cl...

Or maybe 1983?

https://en.m.wikipedia.org/wiki/Rational_R1000

Maybe 1982,

https://news.ycombinator.com/item?id=22375449

Plenty of examples (those are a tiny snippet) on how safe OSes should be written, until there is liability the easiest way will always win.

[rmbyrro]

It's more complex to find security bugs, yes, but I think the analogy stands.

In order for a construction engineer to "see" a pothole, they need to actually know where the pothole is and physically go there.

When you have millions of kilometers of paving across a continental-sized country, like the US or China, for example, this is unfeasible. "Seeing" a pothole isn't so simple as it might give you a first impression...