They are not like gold bricks in a safe. It’s not apples to apples, per se, but the point is that components require updating. If the software is not updated, problems arise, and we face security vulnerabilities like https://thenewstack.io/one-year-of-log4j/.
People still use old versions, as illustrated with Log4J, where people are still relying on outdated and vulnerable software components. “It’s a very classical case of a security issue, it’s not something novel,” Behlendorf said.