The weakest link in security is the human factor
This is true. Developers only care about getting their software out in to the market. Security is never in the foresight, rather in the hindsight (deploy and patch the holes later). Not just that, network and sys admins configuring firewall and other security appliances that does not do a thorough analysis will leave their network and systems vulnerable to attackers. Not to mention social engineering :).