zlacker

1. tptace+(OP) 2017-10-27 18:28:05
Something something definition of insanity is something something.
replies(1): >>jstewa+H2
2. jstewa+H2 2017-10-27 18:51:39
>>tptace+(OP)
Serves me right for expecting anything more from HN's prince of bandages.
replies(1): >>tptace+a7
3. tptace+a7 2017-10-27 19:22:17
>>jstewa+H2
I shouldn't snark, but I'm making a serious point, which is that we've already tried retrenching in code quality improvement (and nothing else), and have already empirically seen that approach fail.

There are architectural components to our security problems (we still run systems with 1980s security models) and that needs to change.

By the way, I have no idea what "prince of bandages" means.

replies(1): >>jstewa+Sl
4. jstewa+Sl 2017-10-27 21:22:27
>>tptace+a7
Layers.

I'm an embedded guy, so I'm looking from the outside in. Whenever I have to trunk something to the server room, they're usually trying to do just one thing, like e-mail (just as an example).

Of course there's an OS firewall, but you can't trust that, so you have to have another firewall, and that doesn't help so much with DDoS, so there's also Cloudflare, and the firewall doesn't understand e-mail, so there has to be an e-mail pre-filter, and you can't really trust the OS to isolate things, even though that's kind of in its job description, so you have to have a hypervisor, and since some things are too important to trust to the hypervisor, you have an extra box or two, and now that you have a half-dozen different systems in play, there has to be some form of monitoring service. I have seen almost every layer of this melt down in one way or another and take the rest of the chain down with it, and that isn't even my job.

I just think if we had saner hardware, where we could write performant-enough code without having to dirty our hands with pointer arithmetic, memory boundaries, manual boxing and tagging, manual memory management / software-based garbage collection, etc., we'd at least be in there with a shot at writing an e-mail server that could be put straight behind Cloudflare that would also let the IT guys drop their Prilosec prescriptions and get eight hours of sleep every night.

Edit: my main point is that PC architecture is garbage. When I wrote "code review", I meant over the silicon. Both DeRaadt and Rutkowska are putting their fingers in the dam. It's heroic, but it's also a waste of two very bright people.
