Users assume the sites are safe and not malicious or open to attack.
There are an enormous number of implicit contracts between us as developers and our users that are not written down but are still "stuff that matters to users".
Ask a bank auditor if they think security holes does not count as "stuff that matters". Then try selling your services to said banks. It matters
There are an enormous number of implicit contracts between us as developers and our users that are not written down but are still "stuff that matters to users".
Ask a bank auditor if they think security holes does not count as "stuff that matters". Then try selling your services to said banks. It matters