Combining security engineering and software engineering is shaping the software development processes and shifting the emphasis of information security from the operation environment into the main information asset: the software itself. To protect software and data assets, software development is subjected to an increasing amount of external regulation and organizational security requirements. To fulfill these requirements, the practitioners producing secure software have plenty of models, guidelines, standards and security instructions to follow, but very little scientific knowledge about effectiveness of the security they take. In this paper, we present the current state of security engineering surveys and present results from our industrial survey (n = 62) performed in early 2018. The survey was conducted among selected software and security professionals employed by a selected set of 303 Finnish software companies. Results are compared to a commercial survey, the BSIMM version 8 and the similarities and distinct differences are discussed. Also, an analysis of the composition of security development life cycle models is presented, suggesting regulation to be the driving force behind security engineering in software industry.