Are we addressing the real security problems?
This report from SANS was an eye-opener for me:
http://www.sans.org/top-cyber-security-risks/
Priority One: Client-side software that remains unpatched.
Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, …