Security: An integral part of SDLC
Today, application development managers often make the mistake of not including security from the very beginning of a software project. This turns out to be costly: security issues and defects left over from the initial phases cost many times more to fix later than if they had been identified at the start. IBM Systems Sciences Institute identified the cost multipliers in the following figure.
Many information security research studies justify the ROSI (return on security investment) achieved by many organisations in various development phases. According to MIT (Massachusetts Institute of Technology), fixing security defects during the testing phase costs nearly seven times more than fixing the same defects during the development phase.
It’s a far better idea to treat application security as an ongoing process rather than a one-time effort.