"Software testing generally falls under the purview of the quality
assurance (QA) test team. The problem is that QA testers test the
products for compliance with their functional requirements and
specifications. Put another way, they test how the software works, not
how someone can break or misuse software for illicit purposes.
To adequately test the security of business software, test plans
and scenarios must represent the non-functional aspects of code that
attackers are so adept at finding. That’s where a collaboration effort
with the information security staff should start."
Article Link: http://www.darkreading.com/document.asp?doc_id=124294&page_number=3