Security industry going to be okay - someone will always pay for 0-days. If vendors won't pay it's just gonna be US agencies, Israel resellers, China or Russia.
If you don't feed your army, you will soon feed someone else's.
These days corporate security treats these workstations like a dummy terminal. No secrets live on the workstation. You have to re-auth with SSO constantly with biometrics and are basically editing data that is in a cloud. So the risk to a corp is minimal where even in the worst case they are insured.
Zero days like this are being disclosed regularly so the idea of securing a Windows workstation is tantalizing but you'll never feel satiated trying to drink that water so don't even try.
So yea there's plenty of Windows users but we're certainly not hosting anything important on those boxes and would frankly be aghast at the suggestion.
> These days corporate security treats these workstations like a dummy terminal
Correct, "zero trust" is the buzzword but this is how Microsoft even recommends you set up your endpoint infra. Assume breach, treat every endpoint as if it is currently compromised or could be at any time. Laptops are basically ephemeral, when set up right, and can be wiped and re-imaged within an hour or less.
That's not unique to Windows either, that's how all employee/user endpoints should be managed.
Not to mention all the startups being founded right now. Sure, GitHub's still the default, and maybe you can still monetize stars or something, but it's also a clown show from an availability, feature roadmap and company policy perspective.
Is it really fiscally responsible to tie your company's future to that?
I wonder if anyone tracks metrics for this stuff. Percentage of stuff with a repo there is probably still high, but what's happening with stuff like GitHub Actions, and are devs directly pushing to GitHub, or are they just mirroring an internal / other provider's git repo to it?
If researchers stop believing MS will treat them fairly it's bad news for the entire security industry.