I often mention that we try to give you all the tools we have, as long as it makes sense from a risk perspective. The risk perspective is a simple one: if we give a tool to you as our customer, we give it to the criminals as well.
There are two new tools which just made the bar and which are now released by the Security Development Lifecycle (SDL) team:
So, if you develop in-house, look at them and make use of them. If not, make sure your supplier uses them or something similar (we do…)
Additionally, you might remember that we released a Security Development Lifecycle Template for Visual Studio earlier this year (Security Development Lifecycle Template - Your next step to "Secure Development"). Based on your feedback, the SDL team has written a whitepaper on how to integrate their practices into your own process template: Whitepaper: Manually Integrating the SDL Process Template