Security companies are beginning to attack the problem of software vulnerabilities at the source, the development process. Secure coding programs like Microsoft SDL, OWASP SAMM, and BSIMM save the organization money and time by taking the bugs out at the beginning, and avoid costly incident response nightmares. Chris Wysopal, CTO at Veracode, says “Many of these methodologies are fairly new. Many development organizations don’t have the process rigor or the resources to do anything more formal than use one tool or service as part of the development lifecycle.” A survey done by Errata during RSA shows there is a great demand in the industry for making these secure coding programs more affordable and less resource intensive.
