A new report this week from ITC reveals that eighty-five percent of IT security decision makers think that losing data via an external threat is  "very unlikely." Wow. Once upon a time, anyone involved in application security had a need to educate potential customers on why application security was important. You remember. It's not the network layer anymore...the application layer is where the attacks are occurring. That hasn't changed. It's one thing to think that your internal threats are greater than your external threats. What with 'curious' employees and such, that's understandable. But it's something else entirely to think that external threats simply aren't relevant. I'm sure the company that rhymes with smartland payment blisstyms thought so, too.

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=220301560