Data-Centric Vulnerability Management
The "Security" of an application means different things to different audiences. Were secure coding techniques used? Was the application deployed on appropriately hardened servers? Do network or other infrastructure flaws allow users to bypass application controls? Does the application expose sensitive information without appropriate safeguards? Great questions, but they really miss the point. The point is that the focus should be on the protection of data. Data is the lifeblood of 21st century business and rather than looking for how data is protected in the context of an application, one should be examining how data is protected through it's lifecycle in the organization from the time that the data is created through to its destruction at the end of its life.