I know all updates can be behind a paywall and still be FOSS, but it really hurts the public good / community aspects that make FOSS great to me.
If companies abuse public good, how should the public protect itself and still stay great?
From a policy standpoint, I think stakeholders should sue when a major security breach gets identities stolen, tanks the stock, or worse, and the CTO failed to buy down any risk with SLAs on key software.