Software development is a complex and challenging
               task undertaken by developers with many different skill levels and
               varying security awareness. Applications created and modified by
               these developers often work with sensitive data and interact with
               members of the general public. This presents significant risks to
               enterprise security, and information security professionals must

               understand these risks, balance them with business requirements, and
               implement appropriate risk mitigation mechanisms.