[giantg2]

"Cybersecurity is taken too lightly and it mostly boils down to recklessness of developers, they are just "praying" that no-one act on the issues they already know and it's something we must start talking about."

I agree that cyber security is taken too lightly. However, I think that many developers don't actually know about vulnerabilities. In many companies those reports get filter through other teams and prioritized by PMs. The devs tend to do their best at meeting the afressive schedules the penny pinching business people set.

[nradov]

Business managers sometimes make bad decisions (at least in retrospect) around budgets and priorities. But the reality is that there are a limited number of pennies, and if someone doesn't pinch them then there are no pennies left to pay developers.

[pixel_popping]

I frankly believe that many know what they are doing, take the average freelancer, developing for multiple clients on the same workspace (suicidal and ethically wrong on top of it) without even disk encryption enabled or straight up syncing everything in cleartext to dropbox.

[giantg2]

Or they're a freelancer because they arent good enough for a big salary job