
This is more of what happens when you do the least effort to build a product to make a buck. They're probably optimized for the average happy path; however, flooding isn't a concern until someone gets upset.


Not necessarily. Despite us armchair critics, it is also very easy to miss an attack vector when building your software. We find stuff after years that we can't believe we missed, like a missing auth check.

Not that unusual at all when you are talking about 10s of 1000s of lines of code written by different people over the span of about 8 years.


That’s why I favored detection at the top. I’ve worked on complex code signing apps that the blockchain people would recognize. Shit is hard. You can’t stop many things and still make money. But if you figure out what the boundaries are of the nominally running system, you can chart or earn when you start to lose the plot.

I prefer charts over alerts, because as the company grows we keep forgetting to update the alerts. But then you need people who look at the charts between other tasks or you won’t catch anything and have to go back to alerts.



