The National Cyber Security Partnership Task Force today issued a report on applying security across the software development lifecycle. They probably had a deadline to get it out, but was no one wary about issuing the report on -- what is in the United States -- April Fool's Day?
It does not seem to be a prank. Check out the press release here. The report is here.
Quoting from that page, the task force met to discuss "how to achieve meaningful and measurable vulnerability reductions through collaborative standards, tools and measures for software; new tools and methods for rapid patch deployment; and best-practice adoption across the entire critical infrastructure." Now, granted that reads as if created by a random phrase generator. But there are some very bright folks on the task force, including my old boss, Steve Lipner of Microsoft. So, I think it is worth a read. Which I will do today.

