We already have contracts in place to get security patches. That’s usually the InfoSec team’s problem anyway.
As a developer, my life gets hard due to library support. We manage internal forks of multiple open source projects just to make them python 2 compatible. A non-trivial amount of time is wasted on this, and we don’t even have it available for public use. 🤷♂️
Bro, which company expected you to do a take home assignment that took 2.5 months? Name and shame the fuckers.