As a software developer myself, I have seen developers rushing to finish the
feature they are assigned to, with little or no consideration for security
in the code—no security guidelines, no coding standards, just a mad
dash
to finish the feature. Next comes the security review, in which the
software obviously fails, and then comes the security-hardening phase.