"The OWASP Security Spending Benchmark Report surveyed about 50 organizations to determine their spending on secure coding; OWASP found that 61% of those surveyed had an independent third-party security review of software code to find flaws before Web applications are used live. The percentage surprised Boaz Gelbord, executive director of information security at Wireless Generation Inc., who organized the report with Jeremiah Grossman, chief technology officer of WhiteHat Security Inc. Gelbord said the predominant thinking has been that companies are conducting code review in-house if they're doing it at all. "One thing that cuts across all the statistics is a growing approach toward secure coding," Gelbord said of the survey. "

Read more: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1351731,00.html?track=sy160