Security Development Lifecycle Blog
Interesting blog around the SDL; this one I've preached a bit for a while. When discussing OS security issues, it's not about whose OS has 3 vulnerabilities this month vs. 4 for the next guy, it's about how we in the industry are trying/striving to fix these issues.
http://blogs.msdn.com/sdl/archive/2008/02/21/the-first-step-on-the-road-to-more-secure-software-is-admitting-you-have-a-problem.aspx
Nice article, worth a read for those who either develop or support custom apps.
http://blogs.msdn.com/sdl/archive/2008/03/06/crawling-toward-sdl.aspx