The question is whether Sony is really an outlier in terms of security, or if most big corps are getting by with security by obscurity (or no one cares about hacking them).
This level of professional negligence isn't reserved exclusively for megacorps. There's YC companies writing their own PHP frameworks that will enable these flaws to live on for another generation.
They're probably getting away with the appearance of security: if the crackers didn't publicize this, and Sony didn't, we would ever know.
So how many companies who store personal information are being compromised these days? I have a feeling that Sony is not unusual in their level of insecurity.
