Hopefully such automation also covers fixing instead of giving open source devs headaches, like the one over some obscure codec from the 90's.

Nevertheless, attacking is a targeted endeavour, unlike defense. Fixing is, in _general_, more difficult in theory.

* reference to past google and ffmpeg incident