AV Companies Compromised This Week

This bit of news caught my eye this week. I can't help but feel this is all very avoidable, especially for a security vendor. Web Application Firewalls which sanity check web input value and data have been around for years now to prevent SQL injection attacks. We've sold them since 2005 ! Cheaper than a code review any day of the week...and a bit quicker to implement...imagine all of those scared techies at 'not so F-Secure' and Kaspersky running around. Maybe this is just the start of a trend along the lines of 'laptops and memory sticks' on trains...and then follow up emails from disk/media encryption vendors saying 'told you so' :-(