I would recommend that you share this post on the http://blogs.msdn.com/S4CD with anyone that automatically cite resources as an excuse for not writing secure code.  This  is an extremely well documented example of how a small team can developer secure code and also makes a good point how the smaller business are putting themselves at greater risk.

Well worth the reading!!  http://blogs.msdn.com/s4cd/archive/2006/09/19/763109.aspx