Do you have SDLC (Secure Development Lifecycle) in place?

Yes, we are following the waterfall model for SDLC.