[randmeerkat]

The problem is it isn’t about nailing on the security skillset. It’s about executive motivation.“Security” is all about doing enough to shift liability and nothing more. Until executives are liable for security breaches this will continue.

[CrazyCatDog]

Actually, this smells a lot like a financing decision. Delay near term revenue to ultimately land a bigger purse down the line with additional features or bugs squashed provided the competition doesn’t beat us to the finish line. As the enterprise grows (customers/features -> lines of code) the liability associated with an attack increases—suggesting more care is needed with every release. And, knowing that you cannot keep up with scale by adding workers in parallel implies the following unsubstantiated claim:

As a piece of software grows in length, the releases must be fewer and further apart. Otherwise, the team is taking shortcuts and the liability will eventually catch up with them.

With that framework in mind: if large software company X stretches out their release schedule, their share price will fall, eventually appealing to activists who want to control/replace leadership (ironically for doing the right thing).

I’m a true and through capitalist—please don’t get me wrong, but this is creative destruction at its finest!