This may sound radical, but I would argue that we as a security community don't fail enough. Or rather, that we aren't failing in the right way often enough. Interested in understanding what I mean? Have a look at my latest SecurityWeek piece entitled "It's Okay to Fail": http://www.securityweek.com/its-okay-fail-security-problem-cant-be-solved. Hope you enjoy.