Backwards compatibility takes us … backwards
Unfortunately, once you keep support for old, vulnerable versions of your software, people will continue to use old, vulnerable versions of your software.
Vendors shrugged their shoulders, and pundits blamed software users for choosing to use a working-but-vulnerable version instead of a broken-but-patched version (as if that was a real choice). And as more users continued to use the vulnerable features, vendors had to continue to support the vulnerable versions, which enabled more users to rely on the vulnerable features, which … you get the picture.
Software has mostly stopped being single purpose, where a vendor can understand exactly how their customers will use it. Instead, it’s become general purpose, with most software doing very simple things well, but being used in highly unpredictable ways. And no longer does an IT team even install most software, because most organizations are no longer “metal-native” — owning their own computer systems — but are instead cloud-native, SaaS-native, and AI-native.