Security is hard. Like really hard. This is because security is asymmetric. That is, the one doing the defending has to secure against all possible attacks while the one attacking only needs to find one vulnerability. It’s for this reason that any decent security engineer seems to normal people as an obsessively paranoid person. It’s because anyone that’s done anything in security knows that we’re all 1 vulnerability away from some really bad stuff.