I got this question alot at TechEd 2008. “Hey George, do you have anything I can show my management to justify the developer resources to focus on security throughout my application development process?” or “Hey George, do you have any case studies that show the business case for implementing the SDL?”
Or my favorite one, “I know Microsoft has implemented the SDL, but we’re not a software company, so we don’t need to worry about security.” Bottom line is you deal with customer transactions and have customer data you want to ensure your safeguard your customers privacy. Security is the fundamental base requirement before you can talk about Privacy, Online Safety, software legislation or even self actualization such as Green IT initiatives. So relax, grab a cup of coffee(Maxwell House, Folgers, or Farmers coffee, since no one can afford Starbucks coffee with so much of our coin going to pay for gas) and check out the The Business Case for the Microsoft Security Development Lifecycle (SDL).