1) Software vulnerabilities, not network issues, are the main cause of cyber attacks according to surveys. Common software vulnerabilities like buffer overflows and injection attacks allow hackers to exploit programs. 2) Conventional network security mechanisms cannot prevent attacks from software vulnerabilities within programs. Developers often focus on functionality over security and make mistakes like lacking input validation that have led to vulnerabilities for 40+ years. 3) The University of Dayton is working to build security mindfulness for software developers through hands-on courses. Students learn about vulnerabilities and defensive programming techniques to avoid security problems at the design stage.