Just as I finished up a couple of posts decrying the investments being made in lumping device after device on DMZ boundaries for the sake of telling party guests that one subscribes to the security equivalent of the 'Jam of the Month Club,' (AKA Defense-In-Depth) I found a fantastic post on the CERIAS blog where Prof. Eugene Spafford wrote a fantastic piece titled 'Solving Some of the Wrong Problems.'
When I first learned C programming the idea that I had to manage my applications use of memory gave me an intense dislike of the language. To this day I refuse to write anything in C., Of course, I use other "C syntax" languages such as Perl and PHP which in the end are written in that language so I am just a guilty as any C programmer of contributing to the spread of software riddled with security faults.
Which is why I read the writings of security professionals such as Christofer Hoff. I have been reading the "Rational Security" blog only for a short time but in that time I have come to respect this writer thinking. I have often asked myself similar questions about information security.