
Gartner smell the bacon/tofu!!!!

Gartner published a document titled “Impediments and Drivers of Application Security” (Feb 16th).

It contains the same message OWASP have been talking about for years: “Firewalls/IDS are not enough, Intranet is not as safe as you thought…” (Think of the enemy within: http://www.darkreading.com/document.asp?doc_id=117605&WT.svl=news1_2 )

It also says that the AppSec early adopters are the large e-business corps: companies which rely on e-business more than “over-the-counter” business (mutual fund banks, etc.).

It also mentions that application developers must accept responsibility for security, which I think is on the right track, but PMs (Project Managers) and key business units must take this responsibility also. Factoring security into development timelines would be a nice start. :)

Relying on outsourced development is not good. One should require security as part of the functional spec.

Bottom line: Integrate security into the Software Development Lifecycle. Perform security tests as part of unit and functional testing.

Wakey, wakey, if Gartner say it then it must be true!!!

 
