Re: Securing Databases
What Alter Ego said. When security is added later, sometimes it doesn't make the final product.
I've seen platform software that was delivered on schedule, passed User Acceptance Testing, and was given to Operations to deploy. Problems were caught by Ops in their security review. And nobody had both responsibility and authority to halt deployment until security was fixed.
Security can be done properly, but it needs equal status with other management priorities. Security costs are easy to pass down the line (or "externalize"), and hard to quantify. It can be tough to justify against the bottom line.