An excellent historical recap of how security was strategically integrated into Microsoft’s development process.

http://www.microsoft.com/security/sdl/story/

QUOTE: Across thousands of developers and millions of lines of code, one company learns to build secure software in an increasingly insecure world.  It was 2 a.m. on Saturday, July 13, 2001, when Microsoft’s then head of security response, Steve Lipner, awoke to a call from cybersecurity specialist Russ Cooper. Lipner was told a nasty piece of malware called “Code Red” was spreading at an astonishing rate. Code Red was a worm — a malicious computer program that spreads quickly by copying itself to other computers across the Internet. And it was vicious. At the time, ABC News reported that, in just two weeks, more than 300,000 computers around the world were infected with Code Red — including some at the U.S. Department of Defense and Department of Justice.