"I've tested 135 ransomware websites, and I only found vulnerabilities in three of them," Stykas told us in an interview preceding his Black Hat talk. That amounts to less than 3 percent of ransomware groups having vulnerable web applications, which are typically used by threat actors to dump stolen data and publish ransom notes."That's not typical of businesses, where I usually find vulnerabilities in 40 to 50 percent of web apps," Stykas added.
as an engineer, i can tell you that apps ship out half ass because the unrealistic expectations and time pressure put on the devs by non-devs. if you do what you love, you'll never have to work a day in your life? lol