IT security is an on going issue that seems to trouble everybody these days. I work mostly counseling a lot of companies on good and bad policies for their networks and try to keep in mind how to implement those that keep the users safe from the malicious worms, spywares and suspicious mail. I recently came on to an article written by Marcus Ranum, named "The Six Dumbest Ideas in Computer Security"
where he takes a step back from just patching flaws and really taking a good look at the problem at heart; bad design. Because if we actually started thinking this way, alot of todays problems could be yesterday's headache. He seems to pin the problem right on target stating; "if 'Penetrate and Patch' was effective, we would have run out of security bugs in Internet Explorer by now". You can find the article here
on his personal webpage.