So here we are that still-early, not-so-new part of the year, when the resolutions that wash over us in the giddy, early days of a year year start to wane. It's make or break time for resolutions.

Plenty of them won't make it through the year. But sometimes the year that just closed out was so pivotal on its own that resolutions just happen. And stick. I think this is going to be one of those years, on a personal level and for the technology industry's IT sector.

So, if a steely resolve came over you this year, may you enjoy the change you're bringing to your life, and the industry.

If you're a programmer, developer or technology professional, I also hope your resolutions for your profession touch these three areas:

1. Elevate software engineering's best practices;

2. Treat Network security as National Security (and do so by thinking globally, and acting locally);

3. Spend more face time with your software's end users;

As for #1, 30 of the most respected security organizations just released U.S. and international cyber security organizations just released a list of the most common programming errors that constitute the bulk of security problems with software today. It's a real eye-opener.

In one helpful passage that does more than just put the issue in context -- call it high relief -- the SAN announcement asked several of the participants why they think this effort is that important.

This one by Tony Sager of the National Security Agency's Information Assurance Directorate, caught my eye:

There needs to be a move away from reacting to thousands of individual vulnerabilities, and to focus instead on a relatively small number of software flaws that allow vulnerabilities to occur, each with a general root cause. Such a list allows the targeting of improvements in software development practices, tools, and requirements to manage these problems earlier in the life cycle, where they can be solved on a large scale and cost-effectively.

The SAN report went on:

"Shockingly, most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale.

The impact of these errors is far reaching. Just two of them led to more than 1.5 million web site security breaches during 2008 - and those breaches cascaded onto the computers of people who visited those web sites, turning their computers into zombies." Other errors include CWE-89, failure to preserve SQL query structure, which gives rise to SQL injection attacks, one of the favorite attacks of hackers.

As our Richard Adhikari reported, the list comes amid heightened concerns about Internet security. Experts have expressed fears that cybercriminals will have a bonanza year in 2009 because governments are preoccupied with the global recession.

This is why security, and improving how programmers design software, are resolutions that I'll be following in 2009, and hoping to see improved in a dramatic way this year.

Change, I’ve found, happens in little increments, which then grow into dramatic differences. But they start in little steps.