Security management and efforts to make users slightly more clueful jump out as to efforts that could have large impact on operational security. But, even without perfect products, look how much of the malware problem can not be eliminated by improving security quality or reducing vulnerabilities. This really emphasizes how important other security disciplines are to the goal of protecting computers from malware. The remainder of managing security risk (55%) depends on other factors completely. The bottom two bars are vulnerability, or software quality, related, related.”]
Source: https://www.csoonline.com/article/2136939/the-80-20-of-managing-software-risk.html