Third option. Let’s donate to a FOSS security validating organization that gives a badge of approval to a specific software and version. Mozilla comes to mind. I would be much more interested in using certain FOSS software if I knew for sure it was verified by a reputable source that was not corrupted by a corporation.