Information security seems like it has especially never worked well as a silo. Without building it in proactively at the beginning and continuing to design with it in mind, software quality wrt security will always suffer badly.
Unfortunately the stark reality is that for almost everything, worrying about security means you ship things slower. It's not that people don't know they need to worry about it, it's that every short term incentive exists to shove it aside. And so people have, and do. Security doesn't drive user growth. (It can make people go away eventually. But it almost never drives adoption.)
There's a real tension between "move fast and break things" and "break down all the silos".
Unfortunately the stark reality is that for almost everything, worrying about security means you ship things slower. It's not that people don't know they need to worry about it, it's that every short term incentive exists to shove it aside. And so people have, and do. Security doesn't drive user growth. (It can make people go away eventually. But it almost never drives adoption.)
There's a real tension between "move fast and break things" and "break down all the silos".