I think the root of this is you cannot buy "security". It has to be part of the engineering ethos at all levels. This gets really hard to do at scale. Pouring money u to Blue teams is too late in the process.
This. If you want something secure everything has to be created from scratch. The OS, languages, tooling, every software etc. etc. Nobody will ever do that. And even if they did something will fuck it up on higher level.
Maybe there is a genius in the statement “640K is all the memory anybody would ever need on a computer” in that it would be harder to fuck up something much smaller and simpler.
No, those smaller/simpler systems are much easier to fuck up.
In order to have secure systems, you need to add a lot of complexity overhead that earlier systems simply could not afford. Proper process isolation is a good example - extra complexity, but absolutely necessary unless your chip limitations make it impractical. Permissions for memory pages eg. W^X policy. Stack canaries. Address space layout randomization. All things that add extra complexity and resource usage, but without which it's much easier to exploit systems and any single mistake means it's game over.