Business needs to trust developer teams.
Business needs to trust that developers want to do their best for their projects, and for their company.
If business doesn't learn to trust its developer teams, problems will emerge, productivity will be affected and quality/security will suffer.
A great way to show trust is to give the developer team a budget, and with it the power to spend money on things that will benefit the team.
This could include perks for developers such as conference attendance, buying books, or buying things which are normally a struggle to obtain. It is often the case that companies will purchase items for a team when requested, but first the team must struggle to overcome the company's apathy to investing in the developer team. The balance of power never lies with the team, and that imbalance makes it hard to ask for items to be purchased. Inconsistencies are also a problem: sometimes it can be easier to ask for £5,000, or for £50,000, than it is to ask for £50.
Companies need to treat developer teams as the adults they are, and they need to trust them. My experience in all aspects of organisations is that it is difficult to spend money.
When you spend money, especially in an open-ended way, your expenditure is recorded and it becomes official. If your investment doesn't yield good results for the company, you will be held accountable.
Therefore, allocating a budget to the developer teams will keep the teams honest, and will direct their focus to productive investments. Purchases could range from buying some tools for the developers, to buying a trip, or even to outsourcing some work to a freelancer.
Spending on the operational expenses for the team will yield benefits both to developer teams and to business.
(from SecDevOps Risk Workflow book, please provide feedback as an GitHub issue)