I had to check it was October and not the beginning of April

"The team at Microsoft has done a bit of developing in its time and has drawn up a few guidelines on security engineering activities that should be an integral part of your software development process - bundled up in one convenient little handbook."

I'm sorry, 'Microsoft', 'Guidelines', 'Security' in one sentence that doesn't include the words 'ha ha ha ha ha ha ha ha'

Is it perhaps a history of Microsoft development with the advice at end to do the opposite (thanks Douglas Adams)

Microsoft and security.. now that's what I call amazing. Pity most of their products weren't so security conscious. Any outpouring from Redmond tends to resemble a sieve in my humble opinion!!

... taps foot, waiting for the Reg hammer to drop on David's login.

Actually I've read through this (I got it at a Visual Studio event a while back) and it's a good basic introduction to various ideas around secure coding.

If someone is new or inexperienced to the demands of coding securely and defensively for a corporate business-critical environment rather than hobby or self-taught coding, this is a good primer, and much of it is conceptual considerations rather than tied to Microsoft products.

I know this comment doesn't tie in with the knee-jerk anti-Microsoft sentiment this topic has predictably unleashed, and I would of course like to unreservedly apologise for being a M$ imperialist running dog fanb0i or whatever: but some of you, or someone you know, might actually find it a quite useful read.

Well I guess it's a nice starting point.

It's also given away free at any of those Microsoft seminars you might go to. Be aware it was written when .net 1.1 was release and 2.0 was in beta.