Identifying security defects before a product ships reduces the risk of
embarrassing public exposure, the cost of repairing the defect, and the
risk to your customers. Your customers will not forget being
compromised via a flaw in your product, and they may try to hold you
accountable. Properly performing this security validation at each phase
can greatly reduce your products risk to security flaws.
Paper Link: Identifying Risks in the Development Cycle
