This weekend, we posted the Security Development Lifecycle document on the Security Developer Center. We'll headline this a little later today. This article was written by Steve Lipner and Michael Howard. We considered it important enough that we gave the article it's own, easy to remember url:

http://msdn.microsoft.com/security/sdl  

Here's a link and a bit more about the article:

The Trustworthy Computing Security Development Lifecycle
This paper discusses the Trustworthy Computing Security Development Lifecycle (or SDL), a process that Microsoft has adopted for the development of software that needs to withstand malicious attack. The process encompasses the addition of a series of security-focused activities and deliverables to each of the phases of Microsoft's software development process.

Mike has some more information here.