If you had any doubts that the code that powers the applications you use is secure, then it's time that you see this in perspective. Because very unsurprisingly, the SANS exam of developers scored terrible overall in terms of security.
With the increase of hackers and such on the internet out to compromise your company, secure software plays an ever-more important role in running your network. So it's pretty sad when we find out that the software we're using is far more insecure than we thought.
The problem is this: corporations are getting larger and larger, while the amount of work that programmers do is getting less. Let me show you an example of the difference in work between a freelancing programmer, and one working at a large software development company: a freelance programmer writes code for himself. It's his living, so he does his very-best to keep the software secure and bug-free, because if it isn't people won't use the program, and the programmer won't make any revenue. Compared to a programmer at a huge company, there isn't any incentive. As long as the programmer codes what he is assigned, he gets his paycheck.
Then the company hires people to fix the bugs and holes that shouldn't be there in the first place, but even they don't have the incentive. And since they didn't write the code, they have to spend time trying to analyze the code before they can even begin. That is, if the company even bothers to fix the bugs.
It seems like the increasingly-popular trend in the software development industry is to spend as much time as possible actually developing features and other "goodies" which will help the software to sell, and very little amounts of time fixing the bugs that occur from implementing these features. This problem is from our whole culture of wanting it fast and cheap. And so that's what they get.
Going back to the freelancing programmers, there's also a decreasing number of them, due to the fact that shareware rarely generates revenue. People (myself included) download the software, either use it until it expires, or ignore the messages that say "please register", and in that way, deprive the programmer of revenue. This makes it very depressing to try to program, but considering the amount of piracy, we shouldn't be at all surprised. So they all join the big corporations who can give the public what they want, but we still aren't satisfied.
Remember, we can only have 2 of these: quick, cheap, good. It seems like we pick the first 2. Then we blame the crappy software on the software companies. But perhaps it's our fault, or at least our culture. Go figure.
