Vulnerabilities are not always disclosed to the public right away–for instance, that was the case with Meltdown and Spectre. In light of this knowledge, event logging might be the best defense.

https://www.techrepublic.com/article/look-to-meltdown-and-spectre-when-making-the-case-for-event-logging/#ftag=RSS56d97e7