Those stories were fun, but they all were the result of security decisions by software engineers inexperienced with security. So am I implying that the people with the erroneous thinking are always from the ranks of developers?

Of course not. It is just that the inevitable result of the intersection between Infosec and software development is simply that there are a lot of stories in that particular arena.

Lest you think that I hesitate to point the finger at our own crew, if you will, let me share some stories about security people screwing up, often by providing the wrong guidance. One thing that goes without saying when security people give the wrong guidance about security is that unlike ...