[black_knight]

Do you mean that role based access control (RBAC) should be replaced by something else? Or that just the specific RBAC models in use are broken?

I personally think the, perhaps confusingly named, capability based security models are the way of The Future.

[rswail]

ABAC/Capability and very granular policies for both actions and actions on behalf of others with the right sort of resource-based policies as well. And the apps need to be capability constrained and sandboxed.

Gonna be a hard nut to crack to implement this across the supply chain.

Transitive dependencies are a bitch.