Kenneth Van Wyk: The case for Rugged Software

28.03.2012

Do you know about a relatively new movement to make software more secure that's known as "Rugged Software"?

OK, you're skeptical. I was too. We've all heard this sort of thing before. Who needs another secure-software development life cycle that, in the end, isn't heeded enough to make a bit of difference? When I was invited to participate in the Rugged Software effort, I was reluctant. I'm far more impressed by actions than titles, certifications or checklists that are all too easy to ignore.

But despite my initial reluctance, I'm on board. For starters, Rugged Software isn't another S-SDLC. Founded by Joshua Corman, the director of security intelligence for Akamai Technologies; David Rice, executive director of Monterey Group; and Jeff Williams, CEO of Aspect Security, the Rugged Software initiative was born from frustration with the status quo. We've all spent years chasing patches and vulnerabilities, but we don't seem to be making positive progress on that front. As , "Software is currently in a state of vulnerability management. That's a negative approach, and it hasn't made frequent breaches go away. Rugged is a more positive approach, where you're not supposed to find a bunch of vulnerabilities in pentesting."

Look, the mere fact that SQL injection remains the No. 1 vulnerability on the tells you all you need to know about how well the status quo is serving us. Because when you get right down to it, .

At this point, what the Rugged Software initiative aims to do is still summed up pretty well in the Rugged Software Manifesto that the movement's founders drafted two years ago:

* I am rugged and, more importantly, my code is rugged.