What would motivate its existence if not government?
Google has Project Zero, but it's quite limited in scope, mostly focusing on things in Google's supply chain. What other evidence is there corporations will fund the scale and scope needed to secure the whole ecosystem (that everyone depends on at this point, Open Source won)?
Lots of the security-related organizations that currently exist merely find and report exploits, often even asking for compensation from the maintainer of the software for reporting it (even if it's a bullshit report: https://daniel.haxx.se/blog/2024/01/02/the-i-in-llm-stands-f...). Putting more work on volunteers isn't a reasonable ask.