Explore the challenges of integrating security into software development in this 29-minute conference talk from the 44CON Information Security Conference. Delve into the reasons why security-as-a-feature remains elusive, examining when developers should learn secure coding practices and where they can acquire essential security skills. Investigate the cultural problems hindering progress, analyze the root causes of software insecurity, and consider the roles of various stakeholders in the industry. Gain insights into potential solutions and resources for improving software security, concluding with final thoughts on this critical issue in the field of information security.