Microsoft's Steve Lipner, who was a major proponent of the need for a secure development methodology, talks about the successes of Microsoft's push--and the costs.
From InformationWeek:
When Microsoft announced the Trustworthy Computing Initiative more than a decade ago, it seemed little more than a marketing push. Yet the company managed to create a sustained security program aimed at locking down its software. A key component of the initiative is the Secure Development Lifecycle (SDL), an iterative approach to programming that helps identify and resolve security weaknesses.

How Microsoft Made Windows Secure From Ground Up
For more than a decade, the SDL has generated impressive results for Microsoft--leading, for example, to the decline of critical vulnerabilities in 2011 to their lowest level in five years.