christopher@baus.net

The Security Conundrum

There is a fundamental conundrum with software security. Nobody wants it, and many view security as something that prevents them from getting their job done. Security isn't useful in and of itself; it only has value when protecting applications.

There is an often-referenced meme that software "should just work", but security makes that ideal difficult to achieve. Users have to deal with passwords, private keys, group permissions, port restrictions, and on and on. And sometimes systems fail for no easily explained reason.

Microsoft takes a lot of (although often deserved) abuse about their security, but I'm sure the reason is that improved security prevented software from just working, and so it was given a low priority.
