The key idea here is
the formal methods themselves, while in many cases
not practical, do lead to very
practical approaches. They show you where to
look and what to look for, how to check for things, how not to check for things, what to check for, and how to test programs. You can build upon this and you should when you're designing
and writing secure programs.