The First Step on the Road to More Secure Software is admitting you have a Problem

I just wrote an article over on the SDL blog about my observations from the industry to Jeff Jones' vulnerability analysis and the lack of security progress by our competitors.