In a web application security context, who is responsible for public image and customer trust when an attack occurs?