It is just insecure programming by the coder? Or can the coder compromise their code even with perfect code by API vulnerabilities?
It seems easy enough to make secure code on my personal projects. Is it simply that the more complicated a project is, the more chance for a security vulnerability to be introduced?
Basically are security issues, in general, a result of bad programming and avoidable by simply writing safe code? Or are they inevitable with systems as complex as the ones used in a modern production environment, and good code can only reduce their prevalence?