Here are the 13 Inconvenient Truth(s) mentioned in that presentation (I'm not sure if I should be encouraged that I made some good points, or depressed at how little progress we have made in Application security over the past 7 years):
- #1 There are no metrics!
- #2 Global Warming ~ Software InSecurity
- #3 Secure software doesn’t make business sense
- #4 Our systems are safe today
- #5 We will be doomed!
- #6 The attacker's business model is still immature
- #7 Physical Extremism doesn't scale (but Digital Extremism does)
- #8 We need better engineering
- #9 We need containment
- #10 Open Source security is a myth
- #11 Most Source Code must be disclosed
- #12 Most IT Security products have negative ROI
- #13 The 'digital Armageddon' will never happen
Here is the full presentation: