Motivation

One intrinsic motivation for security is "self-improvement", where the developer challenges one-self to write secure code.

Professional responsibility and concern for users are two extrinsic motivations, where the action is not performed for its inherent enjoyment, but rather to fulfill what the developer views as their responsibility to their profession and to safeguard users' privacy and security.

Lack of resources and the lack of support are two factors that led to a perceived lack of competence in addressing software security.

Lack of interest, relevance, or value in performing security tasks. The lack of relevance could happen when security is not considered one of the developer's everyday duties (not my responsibility), or when security is viewed as another entity's responsibility (security is handled elsewhere), such as another team or team member.