I'm wondering why developers don't make their software secure by default.
MongoDB (just as an example) isn't even shipped with authentication.
I understand that it is easier to set it up and test it out. But it is even more complicated to make the installation secure afterwards.
Do you have any examples for other software which is insecure by default?
Where do you get information about how to make your installed software safe and protect it against attackers?