Why do all these companies with pretentious attitudes exist when the average* software still takes 30 seconds to show a paragraph of text? Ironically, whenever these companies take the security test, they not only fall flat on their face, but are proven to not have the slightest clue how to do basic stuff like string escaping. I actually looked at the code for one of the top Haskell companies with the same attitude, and the story I just wrote is precisely what happened. Jane Street sounds like a level 2 company like these Haskell companies and Cloudflare: They can escape strings, but only in places that have been famously exploited thousands of times, like SQL; they don't know how to actually know when the problem presents itself in a different unusual context, which they may have made themselves. It seems you need a million dollar employee income to reach level 3, and for level 4+ you simply need to be someone who is genuinely interested in the topic (as there is no monetary incentive) and have spent 10 years reaching it. Also, this applies to all aspects of tech, not just software security.
* not even average, this describes almost all software made in the last 20 years.
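The post's point about escaping only in the famous context (SQL) and not in the others is easy to show concretely. The following is an added example, not code from the post or from any company it mentions: a constructed untrusted string is escaped the "SQL way" (doubling single quotes) and then shown to still carry HTML and shell metacharacters, while a small per-context encoder table and a parameterised query are the approaches that actually match each context. All function names and the sample value are assumptions made for this illustration.

```python
import html
import shlex
import sqlite3
from urllib.parse import quote

# Constructed sample input (not from the post): harmless as a SQL literal once
# the quote is doubled, but it still carries HTML and shell metacharacters.
UNTRUSTED = "O'Brien <b>bold</b> $(date)"


def escape_for_sql_literal(value: str) -> str:
    """The classic 'SQL escaping' the post describes: double the single quotes.

    Shown only to demonstrate its limits; it is correct for exactly one
    context (a single-quoted SQL string literal) and nothing else.
    """
    return "'" + value.replace("'", "''") + "'"


def escape_for_html_text(value: str) -> str:
    """Escape for an HTML text node or quoted attribute value."""
    return html.escape(value, quote=True)


def escape_for_shell_arg(value: str) -> str:
    """Quote so the whole value is one literal argument to a POSIX shell."""
    return shlex.quote(value)


def escape_for_url_query(value: str) -> str:
    """Percent-encode for use as a URL query component."""
    return quote(value, safe="")


# One encoder per output context: the context decides the encoder, not the
# other way round. A value must be encoded at the point where it is emitted,
# and an unknown context is an error rather than a silent pass-through.
ENCODERS = {
    "sql_literal": escape_for_sql_literal,
    "html": escape_for_html_text,
    "shell": escape_for_shell_arg,
    "url": escape_for_url_query,
}


def encode_for(context: str, value: str) -> str:
    try:
        return ENCODERS[context](value)
    except KeyError:
        raise ValueError(f"no encoder for output context {context!r}") from None


def sql_escaping_leaves_other_metachars(value: str) -> bool:
    """True when the SQL-escaped form still contains HTML or shell metacharacters.

    This is the failure mode the post describes: the string was 'escaped', but
    for a different context than the one it ends up in.
    """
    escaped = escape_for_sql_literal(value)
    return ("<" in escaped) or (">" in escaped) or ("$(" in escaped)


def store_and_fetch_with_parameters(name: str) -> str:
    """The right fix for the SQL context: parameter binding, no escaping at all.

    Uses an in-memory SQLite database; the driver keeps data and SQL separate,
    so the value round-trips unchanged regardless of the characters it holds.
    """
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE users (name TEXT)")
        conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
        row = conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchone()
        return row[0]
    finally:
        conn.close()


if __name__ == "__main__":
    print("SQL-escaped :", escape_for_sql_literal(UNTRUSTED))
    print("still risky in HTML/shell?", sql_escaping_leaves_other_metachars(UNTRUSTED))
    for ctx in ENCODERS:
        print(f"{ctx:12}:", encode_for(ctx, UNTRUSTED))
    print("parameterised round-trip:", store_and_fetch_with_parameters(UNTRUSTED))
```

The dispatcher is the part worth copying: the caller names the context it is writing into, and the encoder is chosen from that, so a reviewer can check every emit site by asking "which context is this?" rather than "did someone remember to escape?".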