Not breaking news or anything, this document is prominently dated "April 1, 2005" on the front page so it's been out for a while, but for anyone else interested in security and the software development lifecycle, this could make for some interesting reading material and is chock full of ideas at least even if maybe short a bit on actual technical content, courtesy the National Cyber Security Partnership :

http://www.cyberpartnership.org/init-soft.html