I don't see much value in this essay. What makes sense is rather old hat, and points like #3 are downright absurd, boiling down to, "You can't make a system more secure by finding weaknesses and correcting them - you must make the system magically devoid of weaknesses to begin with."
Somehow, if there was much of a way of doing that with non-trivial programs, I don't think we'd have security exploits anymore.
But the author mentioned qmail, which is an application that was built "secure by design", is non-trivial, and hasn't had many bugs.
This is a little paper by the author of qmail:
http://cr.yp.to/qmail/qmailsec-20071101.pdf
Somehow, if there was much of a way of doing that with non-trivial programs, I don't think we'd have security exploits anymore.