That's not how security risk assessment works. You do get to decide when and how long you remain hackable and implement mitigating security controls. Not everyone has the luxury of being tolerant to outages and it is terrible security practice to take a forceful uncompromising approach like that with no consideration to why and how the software is being used and in what context.
The last thing you want in securing a system is for your security effort itself to be a security risk (availability).