ALM += "Writing Secure Code"

The book is well worth reading, but knowledge is not action. Microsoft learned the lessons of writing secure code in the school of hard knocks, and translated that learning into a change of behavior that has had positive results.

It makes me rather nervous when those of you working for banks ask me about security best practices! There are the obvious Visual Studio features like code analysis, check-in policies, etc., but for those of you who wanted more, I typically reference the Security Development Lifecycle. Take a second look: we just published new Process Guidance and there is now an SDL Optimization Model, allowing for a progressive and ongoing improvement in security practices with real business value.