defect vs vulnerability

In developing applications and working with a QA team as well as dealing with security I see the very good point in this article, defect vs vulnerability. I think all web developers need to worry about security to some point. Part of it will depend on what type of application you are developing and the other is what industry you are in. A good phrase for me to keep things in perspective is "Security is about risk management.". It's nice to know how a specific security flaw works especially as a developer but a developer serves the business so don't lose sight of the risk. Don't get caught up in the technical aspect of all security flaws b/c you will miss the boat on what risk you need to manage for your application.