What Mike's company did was a little extreme. Most organizations cannot take three to six months to review all their software and keep customers satisfied. Others lack the configuration management procedures to support this task. Whatever the reason, you should look at your organization's software development infrastructure and take the steps to improve the programming process.
If the process does not have the management controls and procedures to support these efforts, start there. Having the support of management is important to communicating new procedures and showing commitment. Once that is completed, the development environment can be updated, enforcing the four steps I discussed in this article.
However you go about implementing these changes, remember that security is a process. This process has to be supported in all areas of the organization. Software development is no different. By starting with simple steps, you can help mitigate a good portion of the potential for security violations that stem from problems in software.