From the OunceLabs archives, here is a document I wrote back in 2008 that provides a roadmap (and template) for companies (or teams) that want to implement an S4 (Source-code Security Scanning Services).
I never finished this document, but there are lots of good (and battle-proven) ideas in there :)
Let me know what you think of it: