The research summarised in this report illustrates, very clearly, that a majority of organizations recognize that rapidly changing business and regulatory demands are driving a need to modify how security is managed in their software development processes. In particular, it reveals that the traditional approach of testing security at the end of the development process, if at all, is no longer sufficient. Instead a clear majority recognize that security now needs to be embedded throughout the development lifecycle, not tagged on, often hurriedly, at the end.
