Getting developers to care about security is tough. They are inundated with security best practices to implement in their applications. Most of the time, they have a checklist mentality - a list of items to complete. Less often is there a genuine understanding of the desired outcome or the spirit behind each security control. The result? Production applications comply with company policy, but still contain dangerous vulnerabilities that hackers can exploit.At Aspect, we think a lot about how to help application architects, developers and security professionals understand - really understand - the root causes of the most serious vulnerabilities used by hackers today. How do we move past rote memorization and checklists?