Ed and Charles (from SI) are doing a webinar on Feb 20th about why (in most cases) the software industry have not (yet) figured out how to integrate security into the software development lifecycle (in a repeatable, measurable and visible way).
I couldn't agree more and I’m looking forward to hearing what they have to say :)
You can read more about it and register here