While roughly a quarter of respondents don't work at organizations that develop their own software, three-quarters of them do. Since only two-thirds of them have a formal policy, approximately half of organizations responding to the survey have formalized their secure development process.