I really think people in the infosec industry and .gov do not understand the type of horrifically insecure shit customers request of software vendors — even customers who are security leaders!
At one company, a large customer asked us to, in effect, build a remote access trojan (RAT) into the product.
I refused, for what I hope are obvious reasons.
A decent chunk of the software #security problem is heinous architectures festering with tech debt, and blaming software providers won’t fix that.