Here is a version of the Checklist talk I gave at Secure 360 last year. It was one of my favorite talks I have ever given, made even more so by a great audience including David Mortman and other folks in the trenches I really respect. I worked hard to keep things simple and real-world, with no assumptions along the lines of "and then a guru appears from behind the curtain and fixes everything"; I was targeting strategies that any organization could muster.
In helping clients build these Checklists out, I have observed that it is very difficult for Infosec to build a good one. It is not impossible, but it requires striving for simplicity and an action-oriented, prescriptive "do it this way" approach. However difficult it is, though, it closes an important gap in software development by dealing with some of the complexity.
Three days of iOS and Android AppSec geekery with Gunnar Peterson and Ken van Wyk. Training dates for NYC: April 29 to May 1.