TL;DR: All the current stuff is flaming garbage, but that's ok, we're basically where the web was in 1995. Just with a lot more scams instead of VC pitches.
Also to reiterate: "which would not be eligible for CVEs, since this is pre-release snapshot software" is not correct. It's usually correct, but not 100%.
CVE does cover "pre-release" software, part of the argument being you can't simply label something as "beta" and escape CVE coverage especially if millions of people are using it (Google's Chrome web browser was a good example of this). For example:
https://docs.google.com/presentation/d/1V7UGmTw1pR6HsT8kF8dh...
TL;DR: All the current stuff is flaming garbage, but that's ok, we're basically where the web was in 1995. Just with a lot more scams instead of VC pitches.