Re: Nobody wants...
As a software test engineer, can I just say that you all are correct and you need to be heard.
Good testers are like rocking horse shit; I've been through a lot of interviews to find people who can actually test. There're companies who think that they don't need to do integration or regression testing and that if anything goes wrong, they'll just patch it in the next sprint. These companies seem to think that unit testing and TDD can find every bug. They are wrong. They're great tools, but they're an adjunct to proper testing, not a replacement for it. A tester is not just the user's proxy in the development flow; they're the adversary's proxy too. If we don't try and attack the product and use it, you're letting the public have a go.
I also agree about black box testing. I try as much as possible to not look at our source repos, because when I know how it's expected to behave, that biases me to test it in that way. I like to test the processes of a user or attacker, not the expected code paths. That said, there is definitely a place for white box testing where you do proper static analysis and identify as many code paths as are practical to test.
Testing does not, and cannot, guarantee quality or security, but it's a hell of a lot better than the alternative.
I sort of went off on one there, sorry.