A Process for Performing Security Code Reviews

I wrote an article about performing security code reviews that appears in the July/August 2006 edition of IEEE Security & Privacy. Oh, and by the way, there's a little typo in the article; my name is Michael Howard, not Michael A. Howard. Unlike almost everyone on the planet, I don't have a middle name.