
<p>Don't believe the lie that developers don't care whether their application code causes expensive vulnerabilities for their organizations. If the dev team is apathetic, then chances are that the security team and IT leadership aren't giving them a reason or the means to care, application security pundits say.</p><p>"If you ask any developer, 'Hey, do you want to write code that is going to potentially cause millions of dollars of losses for the company?' most of them are probably going to say no," says Bill Pennington, chief strategy officer of WhiteHat Security.</p><p>The problem is that much of today's security testing and training isn't tailored to suit the way developers think and do their jobs, says Ed Adams, CEO of Security Innovations, who agrees that developers want to write high-quality code.</p>