Public sector organisations face considerable pressures when developing software to underpin essential citizen services. Delivery timeframes are short, budgets are tight, skills are scarce, and security is paramount. Many public sector organisations often employ experienced contractors to offset the shortage of in-house skills, but this can bring its own challenges when it comes to ensuring consistent security discipline. Contractors often have their own way of doing things and do not always have the security expertise to match their coding abilities.