Systems Development (SDLC) Security
The most cost-effective long-term and preventative approach to software security is to build software in a secure manner. SDLC security is more than just secure programming; it involves all aspects of the software development life cycle.
From the initial phases of the SDLC, such as requirements gathering and functional specification, through to design and development, security should be involved at every phase.
Using, for example, the OWASP SAMM (Software Assurance Maturity Model) or BSIMM (Build Security In Maturity Model), we can assess the weaknesses and strengths within the complete development cycle, from IT governance to a technology/coding perspective. We can recommend approaches to remediation and assist in deploying new methods in order to aid continuous improvement.
As part of an SDLC assessment, we can perform some code review on either systems currently in development or specific applications to gauge the most common areas of risk to your business from a technical perspective.