The rapid growth of Internet-of-things (IoT) software applications has driven both practitioners and researchers' attention to methodological approaches for secure IoT development. Security issues for IoT is special in the way that they include not only software, but also hardware and network concerns. With the aim at proposing a methodological approach for secure IoT application development, we investigated what are security challenges in the context of IoT development. We reviewed literature and investigated two industry cases. The preliminary finding results in a list of 17 security challenges with regards to technical, organizational and methodological perspectives. Cross-case comparison provides initial explanation about the less emphasis on methodological and organizational security concerns in our cases. © 2017 ACM.