Abstract
The divide between IT security and software security can result in the neglect of proper software security. This divide can be bridged by establishing a formal security champion role in the development team and conducting collaborative risk-based security activities.