protection. In most corporate cases it's the management pushing the coders who create the problems, so they also have to be in the line of fire. But a person or company that releases software with a KNOWN vulnerability are as responsible for it's misuse as the hacker who later uses that hole.