In 2011, Microsoft wrote a paper titled “The SDL Progress Report” that discussed the history and key takeaways of work done at Microsoft from 2004 to 2010. These set of patterns and practices
Stage 0: Education and Awareness
Stage 1: Project Inception
Stage 2: Define and Follow Design Best Practices
Stage 3: Product Risk Assessment
Stage 4: Risk Analysis
Stage 5: Creating Security Documents, Tools, and Best Practices for Customers
Stage 6: Secure Coding Policies
Stage 7: Secure Testing Policies
Stage 8: The Security Push
Stage 9: The Final Security Review
Stage 10: Security Response Planning
Stage 11: Product Release
Stage 12: Security Response Execution