There's an interesting article out on Net-Security.org (see the full article at http://www.net-security.org/article.php?id=697) that addresses why software development organizations adopt (or do not adopt) a Software Security development methodology. Check it out -- it's a good read, IMHO.
Among other things, it says, "...effective secure development will only become more widespread when organisations receive better education. To achieve this security consultancies need to adopt an active campaign and the media need to provide coverage." Cheers, Ken van Wyk -- KRvW Associates, LLC http://www.KRvW.com