Frank has given a good insight into security in this short review - he talks about the need to plan for security not to just use the features of the software or language being used at the time. This is a key concept and should be obvious. You should always design security solutions based on the need to secure and what needs to be secured. I guess its like saying - I have added a great password policy to the database and audited all of he passwords, they are all strong and now no one can break in and steal the data. But the server is not secured and anyone can get access to the file system and read the raw data files. OK, it's not a very good example but the point is a security solution needs to be designed from he ground up and ideally from day one of a project design not tacked on after project completion. The book talks about threat and counter measure, another angle that most implementers of security do not always consider.
Frank gives some great quotes from the book that he wrote down as he read it. His post again is here.