Well written, it's good to see a honest and constructive approach to the problem. I fully agree an LTS branch should now be implemented, starting with 16.03, this is long overdue since the overflow bug of 2010. While it'd be nice for bitcoin "companies" (companies profiting from Bitcoin transactions) to contribute to core testing, it seems like they may only do so if they have to. Maybe now they will consider it? But in my opinion it'd be more likely they would want to throw money at the problem, rather than get their hands dirty.
All in all it was a good catch, the patch was rolled out very effectively and damage was limited to $0. It's good to keep sight of this, in one sense, this is a definite victory.
To me this is merely a learning curve, we never should trust any technology 100%, there will always >1% chance of an exploit, the question is whether it can be identified through rigorous testing, or whether a malicious actor will discover it first and therefore exploit it. This is the logic we need to work on, remembering that no code is perfect.
What concerns me now is knowing that there may now be more malicious actors studying the code for any future exploits, as opposed to Core testing.
In open source world we have always seen that startups or companies that use the open source programme always to have a full time payment developer to contribute to code. Great example for this is Linux.
Bitcoin is an open source paradox programme imo because the most of the companies that get great profits from it have never feel the needing to contribute to code, an example for this is Coinbase.
Many of them also want to replace it with something that full control it and act as someone that like to destroy it.
Great example to this is Bitmain, Bitpay, Blockchain info.
