I tell you what. I can save you $250,000. Quite simple:
1. How about you take the security of your software seriously at the design phase, instead of hurrying it to market and then spending the entire life of the product relentlessly patching it?
2. How about you stop pandering to your marketing department, stop adding needless silly new features, and concentrate on the core of the software and do a good job of it?
3. How about you leave in place features which have been part of your software for years, and which have, by now, been sorted out security-wise - instead of dicking about and changing things for the sake of changing (sorry, I think you call it innovation) - just to discover you've opened new security holes? Many changes from XP to Vista to Windows 7 come to mind - which have absolutely no functional advantage. Just change for the sake of making things different.
4. How about you stop trying to re-invent a rounder wheel - and you learn from people who've been there and done it before? The Unix world used, and still uses, a (relatively) simple security architecture: every file has strict permissions, and it insists on never running as root/admin. Instead of listening to that from the beginning, you've tried every variation under the sun - just to arrive at (almost) the same principle - 20 years later. Sometimes there is no "easy" way - just the proper way to do things.
5. How about you release software when it's actually ready - not when you want more money?
6. How about you think important architectural decisions through properly - instead of applying "quick fixes" to so many of the things that you do - just so that you end up rehashing the same thing again and again with every version of your software until you get it right. One simple example is the location of program data (not binaries) accessible to all users on the local machine. It has been absolutely all over the place - including in "Program Files" - over the years. Finally somebody figured out that a separate folder called "Program Data" is what was needed. Just like /var under Unix. Was it that difficult to figure that one out that it took 20 years?
There you go - you can thank me later.