This work is licensed under a Creative Commons Attribution 2.5 License.
Getting vulnerabilities in the application fixed

I have been approached by a few security professionals about the problem they encounter in getting software developers to fix the vulnerabilities that are detected in an application.

Let us accept the fact that developers are mostly busy focusing their time and effort on the functionality of the application. Most of the time the software development manager gets away with the "we are busy" excuse. One approach I suggest is to rank the vulnerabilities by "severity" (how bad it is if the vulnerability is exploited) and "threat" (how likely it is that the vulnerability will be exploited) and communicate this ranked list to the software development team. Give the software development manager time to fix the vulnerabilities - usually the amount of time the software development manager considers acceptable.

If the vulnerabilities are not acted upon despite your first meeting, then try this route: require the software development manager and the business owner of the application to sign a business risk acceptance form. The risk acceptance form can be as simple as a Word document with a list of the high severity/threat vulnerabilities and a narrative stating that the signatories acknowledge the existence of the vulnerabilities (that you communicated) and have accepted the risk (posed by those vulnerabilities) for the time period specified in the form. This way, as a security professional, you are covered: you did your job in communicating the security risk to the stakeholders. Now that they have signed the form, if a bad event happens, accountability for the event lies outside of you.

You may find that the business risk acceptance form is a good tool to motivate the software development manager - they would rather mobilize resources to act on the vulnerabilities than sign the business risk acceptance form.

Web 2.0 SecureD. DelivereD. :)

Web 2.0 has become well-accepted jargon in the current marketplace. It is a set of new web-based technologies that enable the building of on-line communities.

Web 2.0 is a democracy of user communities [thanks to Paul Graham for his definition]. Web 2.0 gives users more power to interact, customize, share and leverage.

The democratization of users brings significant problems.

1. Loss of privacy: Ease of use motivates users to upload personal information. Many users are not aware of the ramifications of losing control of personal information, or they don't even think along those lines. A good example is an employer going through the Facebook entry of a potential hire.

2. Hackers' Paradise: New technology brings new vulnerabilities. Hackers are having a party exploiting Web 2.0 based applications. We are currently more vulnerable with Web 2.0 than we were with Web 1.0.

3. Lots of Junk: Take Wikipedia, for example: anyone, anywhere can edit the content [everybody is an expert!]. How can I trust the quality of the information? It is not possible to reference Wikipedia in a research paper. Moreover, it puts the burden on users to sift the good from the bad.

4. Copyright/Intellectual Property Violations: I don't have to say much about this. Web 2.0 provides a platform for such violations and magnifies the impact [Record label sues Napster, Viacom sues Google over YouTube clips].

5. Other Social Problems: People can interact on-line in ways that were not possible before. These new interactions create a new set of social problems.

and many more problems that would make this blog post long and boring.

Some of the above aspects can be addressed: for example, building web applications securely from the ground up can help keep hackers out. Designing Web 2.0 applications so that users are encouraged to use the platform responsibly is a good idea too. Spreading security awareness education to on-line communities can help engender responsible and secure use of the web.

Security should be a feature added to Web 2.0; let's call the result Web 2.T3. The "T3" represents the security triad - Confidentiality, Integrity and Availability.

Though security does not address all aspects of Web 2.0, Web 2.T3 will surely be a better place to live.
