I'd say that is entirely correct. I worked for a while on the Trustworthy Software Initiative, which looked at how we can make software more secure and reliable.
We found that the economic incentives basically work against it. The only practical ways to improve it seemed to be raising awareness and education at the people level (important but not sufficient), and regulation/liability at the corporate level (the only way to really move the needle).
We found that the economic incentives basically work against it. The only practical ways to improve it seemed to be raising awareness and education at the people level (important but not sufficient), and regulation/liability at the corporate level (the only way to really move the needle).