Developers are pressed for producing more secure code, but do not receive support from stakeholders, management and even from the very manufacturers who produce the tools used to write applications. What can go wrong when even the official documentation for a product is wrong regarding security aspects?