Platform Provider are responsible for protecting access to the platforms resources. The Security Architect is responsible for protecting access to organizational systems. Defensive programming and lack of trust in incomming messages are two of the design paractices that characterize secure development principles defined by the Solution Architect. The same concept of ownership comes into place for other types of prevention controls; if it concern a portion of the system under your control, then you are responsible for protecting the data, ensuring auditability and keeping the patches up to date.
devops/2017-09-10%20System%20Boundary%20Responsibilities.svg