Steve, Ever the optimist! While I hope you are correct and that things are improving, I think what really matters is that we have done so poorly for so long that it would require replacing just about everything, or a huge amount of time fixing issues, before our country alone is secure. I assume all other countries have similar issues. If we can't prevent China, Germany and even our allies from attacking our infrastructure due to absolutely horrible coding, can we really believe that our "unimportant" business software is secure? I doubt it.
I would guess that there are companies that are trying, companies that don't care at all, and lots in between those extremes. Odds are nobody has something perfectly secure unless it isn't connected to anything.
Given your last article on the laziness in reviewing employees, which is one of the primary tasks for management, how can we believe those same people listen when we inform them of security risks that need to be resolved?
I am not saying that we are not seeing improvement, nor am I disagreeing with you, just saying that the US is sort of like an ER patient that is bleeding all over from an accident, has multiple gunshot wounds from people shooting at him, a couple of viruses (I say it should be virii!) attacking him internally, there aren't enough nurses or doctors to work on all the issues he has, and the manager of the ER wants the staff to attend a meeting about the company picnic - patients be damned!