I thought a national discussion about secure programming was important, despite that it's not specifically about open source.

Homeland Security's Build Security In, Microsoft's Software Development Lifecycle (SDLC), BSIMM, and now OpenSAMM: Secure application development programs are spreading amid calls for more secure code.

The practice of writing applications from the ground up with security in mind remains in its infancy, even with software giant Microsoft leading the charge by sharing its internal Software Development Lifecycle framework in the form of free models and tools for third-party application developers and customers in the spirit of promoting more secure software.

Now financial services firms are comparing notes and sharing their secure coding strategies and experiences in the new Building Security In Maturity Model (BSIMM) program spearheaded by Cigital and Fortify Software.

But in a recession fraught with shrinking budgets, it's unclear whether companies can afford to invest in secure development initiatives. In an as-yet unpublished survey by Forrester Research and Veracode, 45 percent of organizations said that application security is a significant part of their overall security strategy, but that they will likely be scaling back those initiatives in their next budget cycle. Around 18 percent of these organizations said their funding for app security will remain intact.

The link for this article located at DarkReading is no longer available.