The adage that security companies are often worse at software security than the median non-security company continues to hold water.