> I wouldn't assume that all of those security mishaps stem from an endless series of blunders from "stupid" programmers.

The saying doesn’t mean that all vulnerabilities are blunders. It means we shouldn’t automatically assume vulnerabilities are nefarious.

If closer inspection proves beyond reasonable doubt that it was placed there deliberately and maliciously then that’s different.

But the point is most vulnerabilities are blunders so it’s better to assume that until proven otherwise.