The usual case for software development the last decade is developers who don't fully understand what they're doing, and are mostly focused on resume-driven-development (RDD) and looking good in Agile sprint standups.
Noteworthy exceptions: FAANG promotion bid orientation, and VC growth startup alignment towards shipping something to look like growth towards exit.
In a small minority of cases, you have developers who know what they are doing, and are thinking rigorously.
The norm isn't big-meanie Product making (forthright, courageous, photogenic) developers ship negligent security vulnerabilities, against developers' protests. Developers are at least as much responsible as Product.
Noteworthy exceptions: FAANG promotion bid orientation, and VC growth startup alignment towards shipping something to look like growth towards exit.
In a small minority of cases, you have developers who know what they are doing, and are thinking rigorously.
The norm isn't big-meanie Product making (forthright, courageous, photogenic) developers ship negligent security vulnerabilities, against developers' protests. Developers are at least as much responsible as Product.