Emily Ratliff answers that question with a resounding “no” in this article over on SecurityWeek, citing examples of how we’ve failed miserably to get the message across with “security papers” and discussing the OWASP Top 10 vulnerabilities in web applications and how much has (not) changed over a ten-year period. Check it out here:
http://www.securityweek.com/no-exit-case-moving-security-information-front-and-center