Abstract

The Security by Design paradigm – a systematic awareness of and integration of security during the whole lifecycle of a software product – is claimed to be beneficial. Studies emphasize the economic and social benefit of early security consideration during software development. Unfortunately, this claim is little supported by empirical studies. The objective of this study is to examine the relations between perceived effort invested in IT security in distinct phases of software development and deployment and their impact on project success. We address the following question: Does early effort invested in security contribute to the success of software? We conduct an online survey among project leaders of Open Source Software projects and combine these data with objective, secondary data. As dependent variables, we examine the perceived success of the software projects as well as the number of downloads as an objective measure of software success at three different points in time. We find that considering IT security in the early stages of development is positively related to the project’s success whereas late consideration is negatively related.
