Trends in security code reviews?

From: Bit Tamer (NO_deemaq_at_yahoo.comSPAM)
Date: 01/29/05
Date: Sat, 29 Jan 2005 00:55:17 GMT

I am looking for pointers to info about how many companies are doing
security code reviews (as a normal part of software development) now
compared to 2003 or 2002. I would expect that the number is increasing, but
would like some credible background info. Along those lines, can there be a
way to assess how many professionals are truly qualified to do security code
reviews?

Also, does anyone have pointers to info that shows losses incurred by
companies that don't do security code reviews compared to companies that do?

And yes, I'm looking for this info to help justify to management that
implementing a software security program will provide a positive ROSI
(Return on Security Investment).

Thanks for any information.

Bit Tamer, CISSP