There's a nice summary of Microsoft's Secure Development Lifecycle (SDL) available here. Michael Howard's article for MSDN magazine explains how the coding practices of our development teams were changed to formalise building all code from a security perspective.

One of the principal success stories was the way that often esoteric security concepts were translated into developer-friendly, easy-to-use methodologies.

Michael's article includes anecdotal evidence of how to bring SDL to life and some excellent supporting resources.