I disagree. Preventing vulnerabilities is not primarily an "attitude problem." Writing code is hard enough as it is, and writing flawless code that can withstand hostile attacks is really hard. Odds favor vulnerability existence, and when bad ones are inevitably discovered in production systems, people always claim the whole process is broken.
The demand for "safe"[0] software is going to reach critical mass sooner or later. The question is if it's going to be solved by good tools, processes and education or app stores, insurance ratings and regulation. Software isn't much different from other types of infrastructure.
That being said, this one is pretty bad.