So what should happen when the threat model changes? Just abandon all software, ossify it in a poor state, or something else?
You always to be advocating for ossification to avoid breaking apps which are no longer ok under an evolved threat model.
Finally, you didn’t actually answer the question I asked. It’s all very well and good to say how things should be, but people have to face the world as it actually is instead.
Do you feel the same way about Windows finally starting to take security seriously back in the mid 2000s?