Sigh. My first thought when I read the news about who the "retiring" Equifax CEO "blamed" for the breach was "It wasn't me! It was the one-armed IT guy!"
That being said, on the general thrust of the editorial, I think part of the reason why no details are released about the causes of these breaches is more "the software is *OUR* product / proprietary and we don't want to give our competitors insight into how we do things." I know in the past people have bandied about the idea of something along the lines of a "real" professional organization for programmers / IT people, sort of like the AMA or such.
Interesting idea, but I can't see it taking off, not in any meaningful manner. Unlike, say, for instance, surgery, there are so many different ways to do the same thing (different programming languages, styles, etc.). And again, unlike medicine, it's far, far easier (I think) for errors to creep into software being written than for a doctor to leave a sponge in your chest or miss a stitch. Add to that the "get it out the door yesterday and we'll fix the bugs tomorrow" mentality of many businesses and you get even more errors creeping in (and despite the "fix it tomorrow," well, tomorrow is always tomorrow, never today.)
Maybe the best that software developers / IT staff can hope for is to point out (in writing, of course) what appear to be weak or poor policies (really, Equifax? ONE guy was responsible for the patching??) and try to get them changed. Because sadly, businesses tend to think of us as interchangeable with some C-level exec's cousin who's "good with computers," except for the business knowledge we already have. Use other breaches and failures as ammo in your fight to get lax policies corrected. Going to your boss and telling them "if we don't get at least 2 other people involved in making sure security updates get applied in a timely manner, we could end up being the next Equifax of our industry" will carry more weight than "boss, it's been just me handling updates, what happens if I go on vacation and a big 'apply this now' security update comes out while I'm gone?" In the case of the latter, the boss will likely say "enh, we'll be fine until you get back, don't worry about it."
And then the company gets breached while you're in Cancun, a couple of days / weeks / months later it gets discovered, and you've just become the CEO's "one-armed IT guy" whose fault it was. The CEO gets their golden parachute, you get a cardboard box and 15 minutes with a security guard to clean out your desk, and a resume stain...