Larry, 1. Security Code Review in the SDLC 2. Security Code Review Coverage 3. Application Threat Modeling 4. Code Review Metrics I can help out with sections 1-4, I am most interested in section 1. My questions are mostly around what you are looking for and what the responsibilities are. Thanks, Andy