Why traditional security doesn't work for SOA -- This is a good article on security challenges in Service Oriented Architecture (SOA). Oracle does provide an excellent security product in the SOA Suite (Oracle Web Services Security Manager or OWSM aka "awesome").
Security vs Development -- Perhaps the best story I have ever read on discussing the real challenges facing software development. I think we need to focus security at developer education level but I think it needs to be done in a way where the actual focus is to adopt frameworks. For example if you are writing Java server applications - make sure at the very least adopt JAAS or Spring Security (if you are using Spring). If you are on .NET - leverage the .NET Security framework. And we're working hard now on making it even easier for developers to take advantage of the benefits identity virtualization can provide to simplify the developer lifecycle process (e.g. from dev, to test, to production).
