Most developers have little to no formal training on security-related aspects of their profession, which has caused software to be a constant source of vulnerabilities. But what resources do developers have at hand to evaluate their work security-wise? And are those resources providing information and tooling which positively affect software security?