The people building the "black box" need to know what they're doing and it needs to work. Period.
But human nature prevent it, we know for quite a long time that software is never perfect and that security is never absolute. Diversity is the solution mother nature is using. I've wrote quite a lot of backend/server code, but I tend to use non-standard code to avoid vulnerability. Interoperability/Common Standards is a very good thing, but we don't have to all use the same implementation. Also, never trust something you don't understand.
Committees have become so important nowadays that subcommittees have to be appointed to do the work.