Comment: Re:That Moment (Score 1) 407
Perhaps he should watch this TED video to feel better about it all:
Elizabeth Gilbert: A new way to think about creativity
http://www.youtube.com/watch?feature=player_embedded&v=86x-u-tz0MA
Amen. As a person who bids a lot, I've seen the shoddy guy win too many times, and then had to fix it.
If only that were the case. As usual, let's go with the car analogy. A person gets a ticket for speeding. That may slow them down for a week or two, but they will inevitably be speeding again when they are in a rush, or old habits take over. Fines are a slight deterrent, but they are in no way the most effective discipline method.
Now, on to corporations. They are trying to make money. They want the lowest price. In fact, they are basically required to get it in most situations. They are told constantly by their investors that they need to maximize shareholder value. That means doing the most with the least. Actually, this doesn't just apply to corporations. Here in America, I work with bidding to a lot of schools. I may do far better work, but if my price is $10 over the other guy's, he wins, and does his shoddy install. This is maximizing their "investor" value (taxpayers).
They are certainly not going to fund their own internal small web development team. Let's add up the prices. Let's say there are 2 people in it and a new manager. We'll say that the two devs make $50K/year, and the manager makes $60K. Then we tack on $25K per person for taxes and benefits. That's $185,000.00 per year for the team, every single year. No way is that going to fly, if they only get fined $250,000.00 once per every 10 years or something.
So, no, fines will not change things in corporate culture. It is a nice dream, but a dream nonetheless.
I agree that would be far better. However, in reality, it sometimes fails. This can be due to feature creep, overly high workloads (esp at some sweatshop web companies, like HIT/Heritage used to be - I dealt with them once, and wish I could have run away, but it wasn't my money), a library that got changed, or even some junior developer committing his code by mistake and having it appear in production when he meant to send it to his super.
SQL injection still appears to happen almost constantly, even though most web languages have very good safeguards against it, and high profile places still show vulnerabilities, so it is still high on the list of security flaws next to XSS.
I've been on both sides - times when I have the time to write good clean code, which has everything completely buttoned up. But I've also been a victim of those times I echoed a variable in testing and it appeared in production when just the right situation arose. I'm not proud of it, but no one is perfect. Being up all night hunting down an obscure bug means sometimes you don't clean things out the way you should.
I wish I had the leisure to take my time at it. However, reality can be the boss and the client screaming their heads off, as you try to fix a showstopper in a feature or form that was added last minute by sales due to a miscommunication, or unseen need. Companies are less people do more work, not the other way around.
So, a web developer that was hired from outside screwed up his code. That happens almost every day. If not far more often.
Seriously, if companies were to get fined for every bad piece of code or stupid Bobby Tables vulnerability (obligatory xkcd reference), they would all go out of existence. Mistakes and bad code happen, especially with outside contractors. Are they going to start fining companies for not encrypting hard drives too?
20 people COULD have been affected, and this is supposedly big news. However, thousands of people were affected by the far more intrusive credit card breaches that seem to happen almost monthly. I think the ICO should be focusing their resources elsewhere.
You haven't been keeping up. This is still easily attacked, as discussed here last month.
http://it.slashdot.org/story/12/03/14/1353230/multiword-passwords-secure-or-not
Still more clear than 4K digital at that size. In this case, analog has its benefits.
Not Really... I just raised one in New England two weeks ago. We had 13 people up top pulling, 10 more below helping to pull, and numerous other people who were assisting below to keep the screen surface raised as much as possible. There easily need to be that many, as the screen is extremely heavy and difficult to pull up as a dead load. Additionally, ours had a silver surface for 3D, which means you can't touch the screen or you will ruin it.
Then there was the joy of bringing a 60' box holding the screen through a mall, raising it 2 stories in a food court all night, and then raising up the screen itself...
Tell them that they will open source the code with their name pegged to it. Better yet, tell them you will send it to their college professors and any company that calls asking for employment verification...
I write a very small codebase, but it is used in webpages, so I know that others will see it. The embarrassment of ugly and badly commented code alone makes me keep my documentation up to date.