Organisations are adopting secure programming practices, a report from Errata Security has found.
In the survey of 46 software developers, 86% of the participants said their organisation had sent one or more members of the software development team to security training in a recent or current cycle. However, only eight out of 46 participants said that their organisation sent upper management level employees to training.
The survey showed that the most popular form of security testing was static analysis (57%), followed by security code reviews (51%), manual penetration testing (47%) and final security review/audit (41%).
Richard Kirk, European director at application vulnerability specialist Fortify, said the research showed the uptake of software security assurance platforms from companies such as Microsoft was moving forward.
He said Fortify's observations have shown that the main causes of software vulnerabilities stem from the early stages of the software development lifecycle.
"Our own research tells us time and time again about the need for regular code auditing as part of a development process, as this ensures that software that is being developed is inherently secure," said Kirk.