(no title)

Knight didn't have a proper risk system. A correct risk system is a dead-man switch. There is just no way to place this many erroneous orders and get them filled. Capital Limits Exceeded: Full Shutdown. Risk System Crashes: Full shutdown. Heartbeat fails: Full shutdown.

Better to have a paranoid risk system than a rouge strategy.

The real flaw wasn't legacy code, it was straight-up laziness. This really isn't rocket-science.