I think we needs to understand better this first part, "While it is unclear from the report just how the hackers initially compromised Centreon, the report shows that, once inside, they used webshells to further their intrusion campaigns."
I used to struggle with the notion of software - Why is it that formal verification never took off? Then I realized, bad software is just another way of printing money for somebody somewhere.
Part of the "benefit" is the software breaking again in the future. Like I said, there is no cost to software failing and even a benefit. If people died when software failed, that 25x effort would probably become 5x dude to efficiencies of people actually working on the problem