In “Managing risky business,” I mentioned that when advice on secure development turns out to be flawed or incomplete, smart organizations learn from their mistakes and update the guidance they issue.