My comments on this post: http://venturebeat.com/2013/04/06/developer-first-security/
There are three sources of vulnerabilities:
• badly designed protocols
• badly written code
• badly administered systems
Too much focus has been given to the third point: security policies (PCI DSS), security appliances (firewalls, IDS...), security software layers (SELinux).
However, most of the current security issues have their origin in the other two points.
Security is not something you can buy or rent. It's as simple as the process of doing our jobs right.
That means quality, not as an added thing, but as a way of living.
The OpenBSD Team has known this since 1996 and has been pursuing correctness ever since.
This must be obvious in 2013, don't you think?