At Microsoft, secure development was part of the Windows security feature development organization. Microsoft’s approach emphasized training, motivating and enabling the engineers who wrote the code to develop secure software. Security people were assigned to work with the development groups, but their role was primarily providing advice on threat modeling and helping with gnarly problems, not checking on developers. Conway’s Law says “organizations which design systems are constrained to produce designs which are copies of the communication structures of these organizations.”

