This document discusses security issues and failures across different domains including web commerce, industrial control systems, consumers, and software. It notes that all software has bugs, some of which will have security impacts. It concludes that product owners prioritize functionality over security and investors do not highly value security. The document recommends steps organizations can take to improve security including adopting the SANS Top 20 Critical Controls and implementing practices for secure software development environments.