Re: The bad news
"5000 years to accumulate 100m CVEs."
Yep. I'm suggesting that You, and everybody else are vastly underestimating the number of potential security issues in modern hardware and software. Not every bug can be exploited of course. But a lot -- maybe 2% or 3% of the total coding and design flaws -- can. And "flaws" includes things that don't look like problems at all until someone figures out how to use them as attack vectors. Heck, the patch mechanism itself can be (and has been) used as an attack vector -- and probably will be again.
And keep in mind that if, as in this Android case, a security bug is present in dozens or hundreds of discrete products, it has to be patched and tested by dozens or hundreds different entities, then installed by thousands or tens or hundreds of thousands of entities. How likely is that to actually happen?
What I'm suggesting is that information security in a highly connected world is very likely Y2K on steroids and nowhere near as easy to fix.
Think about it for a while. Unlike climate change, specious immigration crises, flesh eating bacteria and other media favorites. Information security just seems to get more frightening the more one thinks about it. For example, point your favorite search engine at the term "data breaches". It's clear that everyone has their own numbers and some of the apparent increases in data breaches are surely due to better reporting. But it certainly seems that the rates of data compromise are increasing substantially over time. And that's just one aspect -- probably not even the most critical aspect -- of information security.