I disagree with the idea that the problem has to do with "non-security minded programmers". Certainly they exist, but the issue more often than not is that security is more expensive than non-security, so companies don't give their developers enough time to actually do security.