So how do we eradicate Nail? It's a tall order, and I'm not convinced we can do it completely.
After all, you would expect naïveté to dissipate in the face of countless headlines about other products' security fiascoes. I haven't noticed that happening. Naïveté and a bit of misplaced hubris are a dangerous combination.
Ignorance can be overcome, and there are many security guys like me who'd gladly help software developers learn about the security controls they can deploy with their products. That, however, requires the developers to actually attend some training and then put it into practice.
As for laziness - well, there we're up against a very formidable foe, human nature.
Despite that assessment, I'm an optimist. I'm convinced that if you've assembled the right staff, armed them with knowledge and inculcated a culture of putting quality and security first, things will change - especially after my recent encounter with a top-notch security organization. Which of you product developers wants to be first?
Sign up for CIO Asia eNewsletters.