Security testing is a crucial aspect of software development. It is also important to maintenance when it comes to finding vulnerabilities and weaknesses. Different companies use different approaches to achieving this. Let's discuss some of the practices you are familiar with and ones you feel should get more attention.
Pen testing is something I wish more companies practiced. For those not familiar, it is penetration testing, which involves simulating real-world cyber attacks to find vulnerabilities and resolve them so they do not happen from an outside source.
Threat modeling is up there for me, and it involves identifying potential threats to the system and assessing their potential impact. It helps in understanding the security requirements and prioritizing security testing efforts. I am sure at this point most, if not all, companies that manage and build software do this.