Great blog post by Steven Sinofsky from the Windows division, reminding folks that Windows 8 is going to be built using the Microsoft SDL.  From the blog post:

Secure by design

We use the Security Development Lifecycle (SDL) to build Windows with the best security design, development and testing practices available. Some highlights include:

• Threat modeling and security design reviews. During the design process we consider how criminals might seek to attack features and scenarios, and incorporate this analysis into our designs.
• Writing secure code. Training and code quality tools help to prevent common coding issues from entering the Windows source code.
• Penetration testing. Security engineers take an attacker’s perspective when reviewing a completed set of features that make up a scenario.
• Security code reviews. Security engineers provide additional security-oriented code reviews for highly sensitive components.
• Security tools. Tools continuously updated with the latest state of the art in finding and exploiting software provide a scalable solution to improve existing code.

Protecting you from malware - Building Windows 8 - Site Home - MSDN Blogs