In practice, this means there's no significant difference between ... failure to build security into software from the start to the finish of the software development life cycle.