Hey, I agree we're only at the beginning of very bad things for information security problems.
However, putting blame so heavily on the devs isn't constructive. They're subject to the same forces as the infosec people-- clueless corporate hierarchies and derpy project managers that blindly push through deliverables.
And yes, I DO want to trust my data to orgs that take a cooperative problem-solving approach where people genuinely want to do the right thing, are encouraged to do so, and aren't afraid to challenge ideas.
Sorry, but the info-sec "mall-cop" approach doesn't do this.