> I've dealt with plenty of incompetent people there too because the organization does not reward technical excellence and quality
Organizational dysfunction transcends all boundaries, but to a certain extent the kind of issues that lead to the kind of incident such as the one above happen because the affected product (e-Dukaan) is viewed as a cost center by Tata Motors.
Sadly, in most cases, a lot of security will always be viewed as a cost center and never prioritized unless forced to due to insurance, audit, or regulatory pressure.
That said, a thesis I've had for a couple years now is that if we can successfully shift-left by turning security into a DevTool problem as well as an organizational problem, we can both reduce remediation time as well as build stickiness for security products. The AppSec category has definitely adopted this kind of mindset.