When a developer ships a new contract, they get a set of audits done by security firms that identify common issues, run a bunch of tests, and, when they feel secure enough, deploy the contract to mainnet and hope nothing goes wrong. From that point on, security practices are entirely manual and reactive. If an exploit happens, hopefully the team is awake, paying attention, and in a position to mitigate the damage quickly (if that is still possible).

Source: https://blockchain.capital/forta/