Originally posted here by souleman
Though you could say that some times the flaws are there on purpose. Sometimes its not a flaw but a back door, in which case its not a "human error". When ssh was trojaned, people that made updates installed the back door. It wasn't actually human error, they did what they were supposed to do.
besides the cases of 'human error' when errors occur in the underlying technology or in the application of the usage procedures for it there is another class of error, similar to the one pointed out by souleman - management error. It might be a clear dedication of management to focus on system features and not on security (which OS comes to mind?), or it could be a wrong risk assessment or implementation leading to the decision not to address a certain vulnerability for (incorrect) business reasons, or it can be a simple oversight - forgetting to do something (e.g. monitoring of security procedure compliance)