I’d bet good money that at leasy 2/3 of all software ever made, the decision makers couldn’t care less about security beyond "let’s get that checkbox to show we care in case we get sued". Higher velocity >> tech debt and bugginess unless you work at nasa or you're writing software for a defibrillator, especially in the current "nothing matters more than next quarter results".

I have worked over two decades creating government software, and I can say that this is not new.

Security (and accessibility) are reluctant minimum effort check boxes at best. However, my experience is focused on court management software, so maybe these aspects are taken more seriously in other areas of government software.

Yes pretty much. See the Windows 11 security vulnerability chaos going on.

> the new norm

More like the same as it always has been.

Always has been.