>I guess software engineers and technical experts cannot be trusted anymore to keep their machines safe. :-/

When SEs could be trusted?

We run so much 3rd party code that it would be insane to expect SEs to verify it.

Security industry is also heavy of bullshit

Instead of performing reviews they run some "scanners" and fill checkboxes