[_wldu]

I agree 100% with this statement (and with the article in general):

    “Basic hygiene” is arguably better than any of these bolt-on option, including things like:

    * Knowing what dependencies are present
    * Being purposeful about what goes into your software
    * Choosing a tech stack you can understand and maintain
    * Choosing tools that are appropriate for the software you are building

[MattPalmer1086]

It's true in security in general, that really sticking to basic hygiene would mitigate a lot of more advanced threats. We haven't had much success over the decades though in getting people to stick to it.