Software security guarantee question – Information security stack exchange

I found this question from a computer book. Any help would be greatly appreciated

Q- Suppose you are the developer of a computer product that can process critical data and that will probably run in a hostile environment. You have an excellent design and development team, and you have a lot of confidence in the quality of your work.

(a) Explain why you would add security steps to your development environment.

(b) What additional information (if any) would you need to decide whether the product should be formally evaluated or not?