Jeremy Dallman here. Earlier today, Errata Security released the results of their survey: Integrating Security into the Software Development LifeCycle. This survey was conducted over a two-week period and gathered information from 46 different companies both online and at events around the RSA 2010 Conference. It was specifically designed to ask people in the software development community about how they integrate security solutions into their development lifecycle.
We were very glad to see that most companies surveyed have integrated security activities into their development organizations. We were also very encouraged by the awareness and implementation of the Microsoft SDL and Microsoft SDL-Agile methodologies. This provides some great validation that the SDL we apply to Microsoft products is transferable to other software development organizations. The result of more secure software is a more secure software ecosystem and more secure customers.
If you are using (or considering using) the Microsoft SDL or SDL-Agile methodologies in your organization, we welcome your feedback and recommendations for what you would like to see in the SDL moving forward.