Network vs. Application

I had an interesting conversation with a friend in the industry today. Redacted, it went something like this:

Me: "Maybe it'd be a good idea to auto-scan a game for vulnerabilities with each build during development."
Him: "We do a pretty good job of making sure our firewall is secure at my company, so I don't think that's necessary."

He's right. I'm right. And we're clearly talking about two very different subjects.

I've definitely noticed that awareness/paranoia about security issues in my industry are decidedly conflated, or at least skewed toward protecting the company network, and away from analyzing the software we develop. Since I'm not in the security field, I'm not sure if this is common across the IT board.

Do most software or SaaS developers have this odd bias? Do MMO developers or casual/web games developers have more sophistication in their security strategy? Is it just another version of the "we just make games, so no one wants to hurt us" mentality?