[smingo]

Totally valid point. Escrow then open sourced, or perhaps even some insurance policy so that the future patching and vulnerability remediation is guaranteed.

There's a bunch of stuff consequential to EO 14028 which could allow for some automation of library vulnerability.

[whats_a_quasar]

I was trying to think of ways to finance it, and "future patch insurance" is clever! There are other sorts of business insurance where the insurer is liable even if the business no longer exists, so it would be doable. Though a policy would require a level of technical competency that other insurance policies don't, since their providing a guarantee of service rather than a guarantee to pay out a certain amount in damages.