Security controls in software development

What are some examples of security controls in software development?  What are some tools and vendors that can be helpful in designing secure software? Does a company need to worry about the security of the software they purchase?