One thing Bray doesn't bring up is that there is tension between the countermeasures. For example, security audits are over-burdensome if releases are too frequent, but release must be frequent if we are to have the most complete protection.
To satisfy both requirements, we need to finally accept that the browser is not a monolithic program anymore: it's a small operating system, encompassing many modules and coordinating multiple processes, not the least of which is a virtual machine for running arbitrary code. If we want something that can sit still long enough to be audited but updated fast enough to cover gaps then we need to break up the browser into smaller, recognizable bits. Like an operating system, we need to write code to do one thing, do it well, and maintain a standard interface. Each of those modules can then be independently audited.