https://www.theregister.co.uk/2018/07/16/who_is_the_weakest_link_in_software_security/

Study In the early years of software development, you would often design it, build it, and only then think about how to secure it.

This was arguably fine in the in the days of monolithic applications and closed networks, when good perimeter-based protection and effective identity and access management would get you a long way towards minimising the risk. In today's highly connected, API-driven application environments, though, any given software component or service can be invoked and potentially abused in so many different ways.