Of course, if you ask me, everyone should be implementing a process that is SDL-like, so that isn't particularly interesting for me to write about.

However, it is interesting when others probe the question.  I think you may be interested in reading Time For Apple To Embrace A Security Development Lifecycle by Andrew Storms.

Give it a read and let me know your thoughts...

Regards ~ Jeff