Software security is a rapidly developing problem. Malware, ransomware and spyware routinely leverage vulnerabilities in software to gain access to systems, escalate privileges and run adversarial code. One approach to solving this issue is to use secure software methodologies, which attempt to guide organisations in improving their software assurance. However, these methodologies implicitly assume the presence of substantial resources deployed in a compliance-mandated environment. The distinct and often limited environment in which small organisations, independent teams and lone coders operate is not considered. Advice for software security in small teams is almost absent from the literature, as is a way to measure the levels of secure coding in such teams. In order to address this problem, we must begin by understanding it. As part of the analysis of a large survey on current software security practice, we examined the current software security practices of small and open source organisations, and of lone and non-company developers. We present our results in this paper. We believe that these insights will provide a first step to targeting security advice to these under-represented groups.