People conflate risk (likelihood of the event) and hazard (amount of harm if the event happens) and I think it degrades our conversations. The issue with software is that hazard has quite a large range, due to class attack (hitting all instances of something at once, like a software update poisoned with malware) and I don't think even software developers understand the scale of a worst case scenario, let alone most politicians.