I commented in my FOSDEM talk that FOSS is necessary but insufficient for security, and that we need an OCap/PoLA foundation; some recent malware examples like the event-stream takeover might be arguably still FOSS.
Well, here's more examples: malware appearing in FOSS browser extensions https://lwn.net/SubscriberLink/846272/37d25507fa3e9cd3/
(the forementioned talk) https://www.youtube.com/watch?v=tqrzag__X7o https://share.tube/videos/watch/fd98bbdd-8c2e-4229-b0c7-e7b16937901a
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!