Reply to post: Simplistic View

‘What are the odds someone will find and exploit this?’ Nice one — you just released an insecure app

hoola Silver badge

Simplistic View

The trend for a number of years has been Agile. All that matters is delivering stuff fast and, if you are lucky, fixing the worst of the bugs as they go. Nobody is interested in proper testing or security because it slows down the release cycle of shite that is spewed out. Automated testing is seen as progress, but it never appears to occur to people that if you test to get results and the people who wrote the tests also developed the software, it is a recipe for failure. This is overlooked because all the tests usually pass.

Management are happy because they see lots of stuff happening and can honk on about how productive their developers are. Security and infrastructure teams get increasingly marginalised because they are seen as blockers to the business of releasing stuff quickly.

Even where there is really high regulatory compliance, there are still errors.

Often the only time that back-end teams get involved is when it is too late and there has been a breach. Then it is all about closing the stable door; however, this is only in the short term, because very quickly we are back to square one, and so the cycle continues.

Mostly companies get away with it because the resulting holes in security are not sufficiently bad to lose customers' money directly. Very occasionally something like the BA fiasco hits the news.
