Hacker News

> But if the code is both simple and there is no issue with it, then you can rest assured that there exist no hackers on the face of the earth who can exploit it

Ah yes, security through absolute perfection.



security through absolute holistic perfection (STAHP)


It's difficult to get there but it's often achievable and worthwhile. When a company is worth billions, what's the cost of aiming to reach perfection? What's the cost of not trying?


The cost is you lose to your competitor who offers features (complexity) instead of security and now all your effort is for naught.

People talk a lot about security but nobody actually values it. You just send out some Uber Eats coupons or free Credit Protection vouchers and keep on doing what you were doing and in a month everyone has forgotten.


I'd argue more aptly: what's the cost when this "perfect" solution inevitably fails? If it was easy (or even _possible_) to make perfect computers, I assure you we already would.


What is your experience with that perfection? Have you been able to achieve it in a large org?


Never mind a large org, I'd be surprised if you can achieve that perfection in tiny software written in the safest languages reviewed by experienced engineers.


Yeah, even if you review your own code and it happens to be perfect, you probably have quite a bit of dependencies that you definitely don't have time to review.



