Avoiding monoculture in computing is a fairly long-lived strategy that goes back decades. I'm sure that there are old #RISKSDigest posts. It's history that every new generation has to learn from, or be doomed to repeat.
Years ago, one avoided monoculture risks by being (for example) the people who were *not* running BSD Sendmail. (-:
@[email protected] Avoidance of monoculture. Whilst everyone else is being hit by the latest script kiddie fad, some malicious script writer is still scratching xyr head at the subset of target machines that reject the Bashisms, don't have lsof, put some stuff in /usr/local or /usr/pkg, have ftp or fetch rather than wget, and need this weird ifconfig command. The malevolent have relied upon monoculture for efficient scaling for over 4 decades. Ironically, when BSD was mainstream, the shoe was on the other foot. Example: In my HTTP servers's logs today, bad actors are assuming that a server accepts its own IP address as a virtual host, and has a /cgi-bin directory or a /.well-known directory. And they're sending HTTP/1.1 GET requests to GOPHER ports. Because they assume a monoculture of HTTP service, even on non-HTTP ports. There are some very obvious *other* attacks, outwith the monoculture, that they could try. But they don't. #FreeBSD #NetBSD
JdeBP