Looking for contributors for the secure development pattern

We have just started the discussion on the secure development lifecycle.
We would be very happy if you could post your experience in this field.
Which expectations are realistic?
Which activities paid off?

The OSA core team

Here is the link to the discussion forum:
SSDLC pattern thread.