> I don't understand why people leap to the conclusion that these events are inevitably the outcome of neglect.
Because that’s what happens 90%. Of the time.
In most cases I’ve seen, there are zero people on the team who could describe themselves as having any kind of expertise in security. Developers explicitly know about at least several vulnerabilities, but management doesn’t care to allocate resources to fix them, etc. that’s what’s happening in most shops.
Because that’s what happens 90%. Of the time.
In most cases I’ve seen, there are zero people on the team who could describe themselves as having any kind of expertise in security. Developers explicitly know about at least several vulnerabilities, but management doesn’t care to allocate resources to fix them, etc. that’s what’s happening in most shops.