This is a great read and I thoroughly enjoyed it. In '98, I went to basic and missed this completely. On the federal side of things, I think we have made more progress towards secure systems, particularly in the DoD. We still have a ways to go, as cybersecurity still feels like a bolt-on at times, but I think it is getting better. This is thanks in part to the DoD pushing the NIST Risk Management Framework and some of the groundwork laid by the NDAA of 2013. One of the unique provisions there was to require software developers to start doing some kind of source code analysis and looking for security bugs earlier in the development process. Since then, I have worked on several projects that have implemented source code analysis. It may take a little longer to develop “secure” software, but that time to develop is far shorter than the time to fix after it has been developed.
Thanks