A new study finds software writers increasingly intent on baking security into their code writing, and Microsoft gets high marks for helping the process along.

Security practitioners often rant about sloppy software writing as the main reason attacks flourish. But newly released survey results suggest code writers are slowly starting to get it.

Atlanta-based Errata Security conducted a survey on software security assurance at the RSA Conference and Security B-Sides event in San Francisco earlier this month and found, among other things, that the most popular formal software security assurance methodology was the Microsoft SDL, followed closely by Microsoft SDL-Agile. At 46, the number of respondents was small. But the results provide an interesting snapshot of how secure coding has grown in importance, said Marisa Fagan, security project manager for Errata.

"There is still a large percentage of software companies who are not considering security the first time they write their application," Fagan said. "Waiting until a bug appears in the news is like paying someone to follow behind you and unravel all of your hard work. It's just a matter of time before they find a hole."

But the survey results suggest secure coding is of much deeper importance than it used to be. More than half of the participants said they included preventative security activities in the development lifecycle of their product. The most popular formal software security assurance methodology was the Microsoft SDL, followed closely by Microsoft SDL-Agile.

Thirty-five percent of respondents use the Agile SDLC, which explains the rapid adoption of the newly released SDL-Agile methodology.

The link to this article at CSO Online is no longer available.