Security Curve Weblog: "Fox in the snow, where do you go?": "A vulnerable browser, an exposure with no patch, a catastrophe for Firefox? And this is a surprise? Hey, since when did any of us believe security by obscurity is a good thing?
What do attackers tend to target? The most 'props' (or financially) worthy 'sploits. Think Firefox or Mac OS X are secure? Think again.
Sorry to beat a drum here - but weaving security into the SDLC, understanding the requirements, use cases, production environment, and checking for potential defects early in (and throughout) the process, is the only way we're going to get a real handle on software faults and subsequently application failures. For anyone who thinks using a marginally adopted application or OS, one that wasn't designed by the 'machine' over in Seattle, is going to get us all a free pass to the land of security: think again.
This is about thinking about security from the ground up - it's not about blindly accepting anything, or any application, without question."
(From my Burton Group colleague Diana Kelley)