Even though the use of a security development process has proven to reduce the number of security vulnerabilities, 44 percent of devs aren’t using them, primarily because of the cost and lack of management approval. The study also showed that the attention paid to security in development varies from country to country.
Read more about the study results here:
http://www.eweek.com/developer/microsoft-study-less-than-half-of-developers-use-a-security-process/