Michael Howard reports that the document "The Trustworthy Computing Security Development Lifecycle" has been published on MSDN. This document outlines the security-related process improvements that Microsoft has been working on. It provides insights and guidance on how to improve the Security Development Lifecycle Process.
As I've been involved in defining process guidance for technical reviews (e.g. code reviews) lately, it's interesting to see that Microsoft uses static analysis tools, fuzz testing, and manual code reviews when conducting code security reviews. As we've used a similar process - with success - the article is a must-read for anyone who wants to improve their development skills.
Also check out Dana Epp's post on this topic!