I believe Zoom's continued struggle represents the state of software development in 2020.
1. Are you a software engineer?
2. How many "security" tickets have you been assigned in your career?
3. Has your employer ever paid for security training for you? (And I'm not talking about annoying PowerPoint websites that teach you how to identify phishing emails.)
4. Has your organization ever run a blue team / red team exercise?
5. Who is in charge of APPLICATION SECURITY at your company? (Not network security, or database security, but actual APPLICATION level vulns)
6. Does your organization scan for outdated dependencies? (Do you uncover CVEs in your software on your own, or do you check how bad things are when the news tells you something big happened and might be in your stack?)
7. Are you running a web application, and have you implemented ANY security headers?
8. Did your business unit mandate that "we support all browsers", so they still have you running on TLS v1.1? (who tf knows, or cares, am I right?)
9. Do you use the software you built? (Is your personal information in the database, along with legitimate usage stats, and possibly sensitive information you'd like to protect, or do you just write the code and deploy into the void?)
10. Do you have access to the production systems or database? (Most likely the answer is NO, so you wouldn't know about brute-force attacks, invalid requests, corrupted data, or other anomalies the developers should have their eyes on).
My diagnosis: the profession of software development is a victim of a hostile takeover from product managers, while pushing engineers out of control of their domain.
My recommendation: use the least amount of software you can get by with, and assume it's compromised.
11. Do you audit third-party libraries for security, malicious intent, and longevity?
110% recommended.