Microsoft continues to add value to developers from all programming camps. SilverStr and Emergent Chaos both have pointed to Microsoft's release of their practices in the security development lifecycle. This effort, pulled together by Steve Lipner and Michael Howard, is to be applauded. The end to end view provided in the paper is important to show teams thinking about ways to increase security in their applications.
One of the major issues to be solved here is that the development teams continually are paring down the artifacts and activities in the development lifecycle in favor of a more "lightweight" approach. The path that the security team must navigate is to identify the critical set of deliverables that increase security in a cost effective way without bogging down the developer's progress. In my own work in this area, I have tended to take an approach of laying out the elements that can be used in various phases, then in a UP-like way let the projects decide which artifacts apply to their domain.