You are right. No one is talking about absolute 100% security here. The top 25 is the most egregious and easily remedied defects. These are the easy ones folks. Ones we know alot about and know how to prevent.

We need software to be free of them because organizations are under attack through application vulnerabilities. Has anyone heard of Google/Aurora or Heartland Payment Systems? Both organizations were breached through software defects.

When the environment changes software needs to change. You wouldn't take a regular car off road into a military usage and expect it to perform well. We are expecting the software process to not change (too expensive, too hard, 100% security is impossible) yet perform well under constant scrutiny and attack.

We need to change how we build software and having customers set security requirements is the best way to do it.

-Chris

The technology trend is for government to afford it and then within 10 years typically upper class citizens can afford it, and then within 20 years middle class citizens can afford it. This means soon we will have wealthy people or well funded criminals battling these robots with their own robot armys. This is going to get crazy.

Will countermeasures become illegal? Can I EMP these suckers?