Security Process: Pattern and Practices Security Engineering
As I have often said there is no Silver bullet in the IT industry and that includes Security. Rather Security is about the process and not just products. Security products are part of the process as well as identity vulnerabilities, security code reviews, security testing and many others aspects that make up the security process in the Software Development Lifecycle. Microsoft has released a Pattern and Practices about adding Security to the Software Development Lifecycle which can be downloaded at the following URL: