It was only natural to read the following post, "Oil Change or Culture Change?". Some time ago I had a discussion with a Microsoft employee. Among other questions, I mentioned that SDL and other security frameworks can hardly be used outside MS.
Why? MS people apparently tell us the same, and they came to the conclusion that the importance of security problems is misunderstood at the CxO level and at the customer level at the same time. I think the CxO level is quite adequate. They raise money. Poor customers...
The final passage is well turned: "A final note to help illustrate my point – for those of you that are old enough to remember, there was an old TV commercial for Fram Oil Filters that showed a mechanic working on the tear down of some old beater. At the end of the commercial, the mechanic turns to the camera and says, 'You can pay me now, or you can pay me later...'"
The whole article can be found here: http://blogs.msdn.com/sdl/archive/2007/05/31/oil-change-or-culture-change.aspx