Jen Easterly's Glasswing analysis opens with the sharpest diagnosis of cybersecurity published this decade:

"We do not actually have a cybersecurity problem so much as a software quality problem. For decades, we have built an enormous global industry to defend, detect, and respond to vulnerabilities — flaws and defects in software — that should never have existed in the first place."

And later:

"The long-term goal cannot be simply to use AI to clean up yesterday's insecure code more efficiently. It must be to use AI to move security to the point of creation — to help developers write better, safer, more resilient software from the start. To shift from an aftermarket of cybersecurity to a world in which security is built in upstream, not bolted on downstream."

The diagnosis is correct. The destination is correct.