I must be a magnitude 10 heretic
"Threats can be minimised with a well-thought-out patching strategy, regular penetration testing, layered security defences, threat intelligence sharing and a strategy for introducing new technologies."
That all sounds like locking the stables after the proverbial horse has already bolted.
As necessary as the items in the above list from HP are, they seem to be rather studiously ignoring the real first line of threat minimization.
How about suggesting that people run good code? Isn't it far better to write good code rather than install and patch?
It is easier to build the system secure (or correct) than to try to retrofit security onto a deployed system.