Maybe code quality shouldn't be considered cybersecurity in the first place?

When things are tagged "cybersecurity", compliance/budget/manager/dashboard/education/certification are the usual response...

I don't think it would be an appropriate response for code quality issues, and it would likely escape the hands of the very people who can fix code quality issues, ie. developers.