The SDL blog has some good comments - http://blogs.msdn.com/sdl/archive/2008/01/29/sexy-development-lifecycle.aspx
For the last several years, there was the Software Security Summit conference where developers could come to learn about security. The bummer is that not very many of them did, and there isn't one of these this year. Being part of the problem is really too easy – solutions are harder, and a much more worthy challenge. Maybe someone will revive the S3 conference, or something like it.
The other cool post is this:
I've been waiting on this one – the reason we have this is because Office asked for it. Hope you like it, too.