are we there yet

I’ve seen a few “wide scope” posts lately about the state of security, but this one has some of the best points in it, and presents them very well. Mostly I just want to save this for my own use in the future.
Just one comment on it. Items 14 and 15 talk about how we cannot seem to agree, as a field, on best practices. Those posts are illustrated in item 2 on disclosure practices. Many of us understand both sides of the equation and even the grey area in between, but yet we still fall on all sides of the debate. Sometimes there is really no universally correct answer…especially in such a complex field as IT and security.