Conventional wisdom says that an attacker has the advantage since an attacker needs to find only one vulnerability, while the defender is only safe after fixing them all. Conventional wisdom is right if we stick to conventional approaches. The defender's job is easier than the attacker's if we use an unconventional approach that exploits our natural laziness. Code samples will show why it works.