Blind Leading the Blind: The Rise of Test-Centric Security