Twenty years and SQL Injection is still a thing. Why is it so hard getting things right? What seems to be the root cause of things, and are we getting any better? What if we simply copy-paste code from Stackoverflow? Using Google as aid? What about the techie books that teach us how to develop, and all the courses and institutions that promise us to code like a pro? In this talk we will zoom in on how mistakes are made, and why it can be so crazy hard to get things right.