It could be that poor software development is at least a factor in the biggest cyber threat.<p>Problem is a lot of people get into programming and take beginner courses in various languages without learning how to debug or do security checks or quality control.<p>When I worked in the late 1990s, I was hired because I could fix bad code and make it work better. I knew how to do quality control checks, how to validate inputs to strip out SQL code and HTML code that is used for injections, how to check anything submitted by the user before processing it to make sure the data length wasn't over the limit to cause a buffer overflow, etc.<p>Things changed and I became a dinosaur. There was no need for programmers like me anymore, they hired them young right out of high school or college dropouts and my two degrees didn't matter anymore. I developed a mental illness and ended up on disability, but I still try to keep up with things.<p>Management always went for cheaper labor, be it via offshoring work, hiring H1B Visa workers, or hiring dropouts who can work for less. Cheaper labor didn't always mean quality work. Shortening deadlines on developers means they take shortcuts to get stuff done and write sloppy code just to meet deadlines.<p>My style of programming was out because it took too much time to finish. Managers wanted products out to market sooner so they could get a jump on the competition. As a result the code was not tested enough to find the security holes in it.<p>The web apps I wrote in 1997-2001 were almost bulletproof, I had developed a method in writing secure and quality code. They used ASP 3.0 and server side VBScript, but the whole technology changed to ASP.Net and C# instead. At least on the Microsoft shops.<p>Poor management can be a factor in insecure programs if the managers shorten deadlines and don't hire people to debug and check the security and quality of the code.