Yeah. I read an article recently which supports my belief in SDL. In today's ever-changing software security environment, we need a self-evolving process like SDL.

http://blogs.zdnet.com/security/?p=697