This document discusses building security into the software development life cycle (SDLC) through a business case approach. It outlines the costs of application security versus software security. Adopting a formal secure SDLC process using security enhancing models can reduce costs by finding and fixing defects earlier. Making an initial business case by assessing return on security investment and integrating software security with overall risk management is recommended. Regularly reviewing the business case ensures commitment to security throughout the SDLC.