Attacking software is really attacking the software development process. The adversary is looking to take advantage of software defects before those defects are repaired. This paper explores the attack timeline.