Seriously....
"Most infosec researchers who have dug into the the terminal-smartcard authentication procedure have found that vulnerabilities are often introduced during development. "
Why did I just read this on The Register?
When the hell else are vulnerabilities going to be introduced? During installation? During shipping? During QA?