There are several aspects to security that are (mainly) relevant to the design space.

There are also security issues in the implemenation space, for example using the correct coding paradigms.

Large parts of our code base have not beed audited, either manually or in an automated fashion.

Unit testing is one aspect: testing for reliably failing for invalid input.

Code analysis is another aspect.

All publically usable interfaces provide attacking targets. This includes all system calls and RPC interfaces.

Fuzzing techniques can be use for locating possible issues; see discussion on the code analysis page.