This article discusses the challenges enterprises face in applying the Secure by Design guidelines from CISA. It highlights a lack of consensus on implementation and the need for benchmarks and standards to improve software security. Insights from interviews with security leaders reveal common obstacles and the role of AI in addressing these issues.
In 2021, the Cybersecurity & Infrastructure Security Agency (CISA) released its Secure by Design guidelines to improve software security, emphasizing vendor accountability for shipping code without vulnerabilities. Despite this initiative, real-world application of these principles remains inconsistent among enterprises. Secure Code Warrior conducted in-depth interviews with over twenty security professionals, including CISOs and application security leaders, to explore their implementation of Secure by Design practices within their organizations.
The findings revealed a lack of consensus on what Secure by Design truly means and how to effectively implement it. There are no widely accepted standards or benchmarks to measure success, which hampers overall security improvements in the software development process. The research uncovered common challenges faced by security programs and highlighted the need for more structured approaches to integrating Secure by Design initiatives into teams' workflows. It also examined the impact of artificial intelligence on software development and modern threat modeling.
The report emphasizes the importance of precise data and benchmarking to align industry practices with CISA's guidance. Secure Code Warrior aims to empower developers with the skills needed for secure coding, fostering a culture of security awareness throughout the software development lifecycle. The initiative seeks to turn developers into proactive defenders of software integrity, addressing risks associated with insecure code.