The Microsoft SDL (Security Development Lifecycle) team recently released two guidance papers:
SQL Injection is not at all a new subject. For example, 9 years have passed since NGSSoftware published their SQL Server Injection Whitepapers.
What does the SDL Quick Security Reference on SQL Injection bring that is new? Among other things, it describes the role of the business decision maker, the architect, the developer, and the tester in addressing this issue.
The following graphic based on data published by shows the importance of SQL Injection as a threat: