There was an interesting blog post from Rich Mogull a few months ago about the security community not putting enough effort on defense related research as we normally see for offense.