Self-taught programmers are no better, and can be worse. I am confident that the code I wrote as a self-taught programmer twenty years ago is far worse (in security terms and many other ways) than the code I wrote after an undergraduate degree fifteen years ago. Formal education is a good place to inculcate good practices that lead to better security.
It's the job that makes the difference most of all. Microsoft made a big difference to its security outcomes by emphasising security in the job, giving people the tools to write better code, allowing people to "stop ship" for a security bug, and so on. If Samsung says "It works, who cares?" then that attitude percolates down to the people writing the code and unless they're superheroes they will skimp on security.
If the job isn't great in other ways chances are Samsung also ends up accumulating a lot of non-programmers. It doesn't really matter whether they have a degree, or did a 3-month course, or "self-taught", there are a remarkable number of candidates for entry level programming jobs who cannot write programs. Companies that don't make you write code in interview and don't pre-screen for ability end up with a head count of "programmers" you wouldn't trust to write Hello World. Obviously nobody is going to give the job of writing a Linux kernel driver to the idiot that management hired who struggles to remember to put a semi-colon at the end of lines, but the stress of clearing up after such people can mean those who would get assigned the driver job don't have the time to do it well.