True security can only come from understanding how your system works. Otherwise, you're just inventing a religion, and doing everything on faith. "We're fine, we update our dependencies." Except you have no idea what's in those dependencies, or how they work. This is, apparently, a controversial opinion now.
