> This chart suggests an interesting security economy: to harden a system we need to spend more tokens discovering exploits than attackers spend exploiting them.

What's new?

It was always about spending more money on something.

Team has no capacity? Because the company doesn't invest in the team, doesn't expand it, doesn't focus on it.

We don't have enough experts? Because the company doesn't invest in the team, doesn't raise the salary bar to get new experts, it's not attractive to experts in other companies.

It was always about "spending tokens more than competitors", in every area of IT.