Step 3: Educate the Team

It’s critical that the entire project team share the knowledge of how to design and develop secure systems. If people don’t know secure techniques, they won’t use them, and a code review won’t always catch the problem. It’s easier to build in security at the beginning than to try to catch problems later through a security review. To create a secure system, you need the entire team engaged: thinking about security, writing secure code, and staying on the lookout for potential security issues.

Often the easiest way to engage the whole team is to spend two days training people. During this time, you can give them an overview of buffer overruns, input validation, exception handling, and other relevant techniques explained ...
