The red boxes correspond to the project phases were we spend most of our InfoSec dollars today. Do you see the problem with this? We are trying to solve the problem at the most expensive time in the project.
Here is where we should be solving security problems whenever possible: at the beginning. This may seem obvious, but our actions as an industry do not reflect that we have learned this lesson.