"Software testing generally falls under the purview of the quality assurance (QA) test team. The problem is that QA testers test the products for compliance with its functional requirements and specifications. Put another way, they test how the software works, not how someone can break or misuse software for illicit purposes.
To adequately test the security of business software, test plans and scenarios must represent the non-functional aspects of code that attackers are so adept at finding. That's where a collaboration effort with the information security staff should start."