Secure software development has gained momentum during the past couple of years and improvements have been made. Buyers have started to demand secure software and contractual practices for taking security into consideration in the software purchasing context have been developed. Software houses naturally are very keen to providing what their potential customers' desire with respect to security and quality of their products. This study analyses the capacity of private bargaining to incite secure software development and suggests methods for improvement.I argue that without appropriate regulatory intervention the level of security will not improve to meet the needs of the network society as a whole. There are not appropriate incentives for secure development in the market for software products. The software houses do not have to bear the costs resulting from vulnerabilities in their software and the buyers' capability to separate a secure product from an insecure one is limited.