It wasn't that I thought one particular cataclysmic event has changed our course for the better. Rather, it was an accumulation of smaller observations and developments:
-- Writers and bloggers like Jeremiah Grossman, Hugh Thompson, Gary McGraw (and many others) have done great work shedding light on the topic.
-- , the open Web application security project, has established chapters around the world, and its Top Ten Vulnerability list is ever more widely disseminated.
-- recently set forth a new certification covering application lifecycle security issues.
-- Both source-code analysis tools and application vulnerability scanners and services can help find flaws on either end of development and deployment. These technologies are maturing quickly.