How often are developers to blame for vulnerabilities?

It is widely held that the principle of security by design should be the basis of any modern development. Everyone talks about it, but in practice it is rarely applied. The reason is banal: the competitive race between developers. Products need to be brought to market as quickly as possible. As a result, vendors release software first in order to earn money sooner, and deal with security later.


A striking example of recent times is Zoom.

While it was little known, the developers did not consider it necessary to deal with vulnerabilities. As soon as the interest of the public, and with it of hackers, grew, many holes were immediately discovered. The developers were forced to react urgently, and these holes were patched. Could they have done it earlier? Yes. But other tasks took priority: expanding the functionality, “bringing beauty”, increasing the customer base. From the market's point of view this turns out to be justified, since users will not appreciate “the security of the application has been improved”, but they will appreciate “we have made new cool emoticons”.