>> are the product producers merely careless or chopping corners of their product designs?
I have been a tool safety guru for greater than ten years, and not one of the corporations I labored for, whether or not Fortune 100 or business corporations transport business tool, fastened the entire vulnerabilities we discovered earlier than transport. (Some set the bar at “high” and a few as “critical”, however no person halted the presses for “medium”.) For all I do know, many of the vulnerabilities we discovered perished on a disbanded staff’s backlog years in the past to the pleasure of hackers far and wide.
But the larger drawback will be the code that shipped that we by no means noticed, whether or not it was once an intern’s “hackathon” venture shat onto the internet, one thing that crawled out of a pool of H1Bs, or a third-party app grafted in to faux reporting sufficient to get previous the demo with the large shopper. I’ve extra horror tales than I will be able to relate involving such things as this.