Also very often software quality is absolute trash... With so many issues developers spend no time on thinking about most basic things... Like applying access control on reading/editing data or what field should a request update and what not...
And these parts are the simple ones. Not even talking about operating systems, networking and so on... If even easy stuff is wrong, what hope is there for complex...
Most software in indeed trash. There's neither the budget nor the will to fix it. The existence of "security" software is a symptom of systemic sickness, not the underlying disease.
And these parts are the simple ones. Not even talking about operating systems, networking and so on... If even easy stuff is wrong, what hope is there for complex...