Have a read through “A hacker stole $31M of Ether — how it happened, and what it means for Ethereum”, but make sure to get to section 3, where it compares the mantra of “move fast and break things” with the irreversible code in a smart contract.
The problem is, blockchain programming is fundamentally different from web development.
Web development is far more forgiving. When you push bad code to a web server, it’s not a big deal if there’s a critical mistake — you can just roll back the code, or roll forward with a fix, and all is well because you control the server. Or if the worst happens and there’s an active breach or a data leak, you can always stop the bleeding by shutting off your servers and disconnecting yourself from the network.
And before you think “our developers are better, this wouldn’t happen to us”, read this:
The developers here were a cross-collaboration between the Ethereum foundation (literally the creators of Ethereum), the Parity core team, and members of the open-source community. It underwent extensive peer review. This is basically the highest standard of [programming] that exists in the Ethereum ecosystem.
Not sure what the takeaway is here, other than to be cautious about over-committing on any blockchain / smart contract initiatives.