Looking for contributors for the secure development pattern

We just started the discussion on the secure development lifecycle.
We would be very happy if you could post your experience in this field.
Which expectations are realistic?
Which activities paid off?

Cheers
the OSA core team