Someone posted to the Secure Coding listserv asking whether, with regard to security, “developer education is a lost cause”.
I wanted to share part of Pascal Meunier's response to this.
You can't make good cooking by concentrating on the quality of only one ingredient at a time and say: "I'm not getting a great cake by getting better eggs, so I should not put efforts into getting and using good eggs" (repeat with flour, sugar, butter, leavening, and then despair that you'll never get a great cake :-).
I think this is a very appropriate comment, and not just for security but for development and architecture in general. A well-architected solution and a secure solution share one major thing in common: a high quality of work was put in on all fronts.