There appears to be a culture among crypto devs to reject the standard practice employed, in the fiat world, by technology companies that individually represent more than $1, to hire third-party security companies to audit their software/sites.
Indeed, the God of Computer Science Vitalik Buterin in his infinite IQ, needed not the council of some dusty researcher with 20+ years of experience on formal languages for smart contracts.
According to apocryphal sources, Young Vitalik was editing some HTML5 for a responsive website, when Jesus Crypto descended upon an air-cushion delivering this message: "You shall invent a language, Solidity. It shall thus, by definition, be solid. It shall be built in Javascript's likeness."
Who was young Vitalik to ignore techno-divine instruction? And so Ethereum was built.
And its duplicate in under a year.
I mean, when your organization make $1,000,000+ from premined coins, you can't afford not to bootstrap. So it stands to reason that you shouldn't hire security researchers for several tens of thousands of dollars.
Indeed, so Stephen Tual thought when in his infinite wisdom, he and his band of pioneers coded an immutable smart contract in crypto-Javascript without an update function built in, to respect the divine theology of immutability.
"We'll just hard-fork #theDAO 2.0 once the fund reaches $1 billion" was his response.
To be sure, that code was hacked together, yet they exercised greater diligence than their crypto-counterparts.
They paid a security firm $200 to research integer overflow risks.
"DAO is going to the moon. So we'll have to add realllllyy big numbers" he explained.