A wet blanket?

I read a great article in the Sept. 30th edition of the WSJ. Yes, I do occasionally, but not very often, read the WSJ. In the Technology section there was an article by Ben Worthen describing the security group in many organizations and they bad rap they receive. It seems that we security practitioners are sometimes perceived as a "...wet blanket, often swooping in at the last minute to put the kibosh on a project." How rude.

The article goes on to quote several industry folks and some pithy quotes. Bottom line, business people, if you don't want us to stomp all over your precious projects try involving us more than a week from the rollout date of your project. I know the drill, you have a fantastic new web site that's going to increase revenue by 1000% and you don't want the Security group mucking it up. So, you "conveniently" drag your feet showing the specs to the security guys until you think it's too late for them to complain. Imagine your surprise when they find enough security holes to make your project look like Swiss cheese. If you had instead brought them in during the design, coding and testing phases they could have pointed out these issues and they could have been resolved. After all, we all want the same thing.