In this talk, I would like to come to a conclusion why developers and programmers are simply that bad at security, and why there is such a big discrepancy between business and IT? The software out there isn't getting better - just worse. We are talking about clear text APIs, hard-coded passwords in websites, poorly configured internet-facing infrastructure like FTPs, usage of end-of-life VPNs, etc. Would you feel safe if the plane's pilot did not have valid flying training or a valid license to fly? You don't even question that when you are boarding a plane, and you assume he knows how to fly the thing, right? Now, how come developers only need to know how to code, without any kind of license or official training or even basic code-of-ethics training. I have seen how the whole SDLC goes to sh*t because someone just went for the functionality without considering what could go wrong.