Hacker News new | past | comments | ask | show | jobs | submit login

Lack of negative unit or integration tests.

This is the correct reason. Add security audit (internal/external) as well. Don't blame the developers. Blame the process. There will be days on which even the world's smartest person makes mistakes.

I agree auditing would be prudent but frankly the developer is the first line of defence and will share my blame.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact