"The real lesson is that the patch treadmill doesn't work, and
it hasn't for years. This cycle of finding security holes and
rushing to patch them before the bad guys exploit those
vulnerabilities is expensive, inefficient and incomplete. We need
to design security into our systems right from the beginning. We
need assurance. We need security engineers involved in system
design. This process won't prevent every vulnerability, but it's
much more secure -- and cheaper -- than the patch treadmill we're
all on now."