The scary thing is indeed that most software companies do not have security experts nor the means to hire ones and are basically defenseless against such attacks. Kind of reminiscent of patent trolls.

tldr version of the article: http://tldr.io/tldrs/50b6e4acbb22039977000f5b