[mulmen]

The security vulnerability is very real. Should this same treatment be applied to the people who write code? If a software vulnerability allows an attacker into the business should that developer be fired? What if it's a UI bug that causes the company to lose sales. Should they be on the hook?

I think a more constructive reaction would be to say that phishing training is important and should be implemented or revised. In addition technical solutions should be investigated. Perhaps some of the infallible people who never fall for phishing attacks can automate part of their brilliance for the mere mortals.