I only skimmed this article (mostly because of where it came from), but I really caught this line:
No one has a business interest in catching identity thieves or malware
writers. There’s no money in it, so no-one’s bothered.
I would also add, while some of us would help and/or deal with threats, we just can’t or don’t have that authority. Bejtlich is one of the notables who talks about dealing with the threats instead of vulnerabilities. He makes a ton of sense and I agree with him, in theory, I just don’t think most of us have any opportunity to deal with the threats beyond identifying them with guesses.