Hi all, I just saw a Slashdot story (http://developers.slashdot.org/article.pl?sid=04/04/30/1421223&mode=thread&tid=126&tid=156&tid=185) announcing an MIT study on software development processes used around the world. The report itself can be found at http://ebusiness.mit.edu/research/papers/178_Cusumano_Intl_Comp.pdf
I haven't read through the whole thing, but the slashdot entry indicates that the study found some interesting things, in particular the low use of specification documents in the design cycle. Although it doesn't seem to address security per se, I thought that SC-L readers might find it an interesting read nonetheless. Cheers, Ken -- KRvW Associates, LLC http://www.KRvW.com