So how many managers have been convicted of gross criminal negligence over these defects? None? So then the conclusion is that nobody did anything wrong and nothing needs to change?
(I say "managers" because I assume that in each case there was some manager who rushed the programmers so much that they didn't have time for correctness, and who didn't arrange for penetration testing.)
