Arjuna Shunn here.  Our friends over on the security blog have done up a series of posts about SDL and compliance which are worth reading.  Using data from numerous sources, ranging from our SDL and HIPAA whitepaper, our SDL and PCI DSS/PA-DSS whitepaper, and from our SDL Chronicles among others, they’ve compiled some valuable data on the use of SDL to support multiple compliance requirements during software development.  Feel free to take a look and grab the whitepapers if you’ve not already got them.