To design, develop and operate a truly secure piece of software, everyone involved needs a high level of security awareness, both technical and organizational. Minor implementation flaws can have major economic consequences, especially when they surface as vulnerabilities that are easy to find and simple to exploit.
Workshops, training sessions and other awareness-raising measures are a first step in the right direction.
A single, easy-to-follow secure coding guide for developers, outlining the “Do's and Don'ts” of secure software development, can accomplish a lot. Such guidelines are valuable not only during development but also in the design phase, for operations, and even for rollout.
At the more abstract management level, policies help define and control the whole “security process”. Ideally they establish a solid foundation for an entire secure software development lifecycle.