"The invention of the ship was also the invention of the shipwreck" ― Paul Virilio

Good analogy.

Question here is: can they fix potholes faster than new ones show up?

Seems answer is no for tech. And construction, these days.

It takes an expert to know that there's vulnerability. Whereas construction engineer can "see" the pothole and so they can fix it. Software engineer has to "know from exploits" that there's a vulnerability so they can fix it. It's not far away when OS are written in memory safe languages like Rust.

You mean far away like 1961?

https://en.m.wikipedia.org/wiki/Burroughs_large_systems

Nowadays still being sold to governments that care about security.

https://itupdate.com.au/page/unisys-clearpath-mcp-unsurpasse...

https://www.unisys.com/ms/client-education/course-catalog/cl...

Or maybe 1983?

https://en.m.wikipedia.org/wiki/Rational_R1000

Maybe 1982,

https://news.ycombinator.com/item?id=22375449

Plenty of examples (those are a tiny snippet) on how safe OSes should be written, until there is liability the easiest way will always win.

It's more complex to find security bugs, yes, but I think the analogy stands.

In order for a construction engineer to "see" a pothole, they need to actually know where the pothole is and physically go there.

When you have millions of kilometers of paving across a continental-sized country, like the US or China, for example, this is unfeasible. "Seeing" a pothole isn't so simple as it might give you a first impression...

I think the answer is probably an astounding yes for both, if you think of the trend of vulnerabilities/units of software generated.

The move to a large majority of software being run in a sandboxed environment has drastically reduced this sort of thing.

They surely do, because if I can prove the pothole broke my car, I can sue them, or have my insurance take legal action.

Eventually this will be standard in software as well.