In all seriousness, wasn’t that always the case? Writing bad code is relatively cheap.
Ensuring code isn’t bad is the expensive part.
Sort of?
The definition of "bad" from a security PoV is rapidly expanding, in light of relatively new capabilities and increasingly cheap access to exploitable vulnerabilities.
I don't think the definition of "bad" is expanding. Rather the ability to detect and exploit "bad" is.
loading story #48407265