This document discusses vulnerability management and the role of automation versus humans. It notes that cybercrime costs hundreds of billions annually and that automated testing is only part of the solution to security issues. While robots are good at detecting known vulnerabilities, humans are needed to identify unknown issues. The document advocates for an "onion" approach combining various testing and validation techniques, from design reviews to monitoring, to fully address security vulnerabilities.