The annual Security issue of MSDN is out, and you should find a copy in your local book or magazine store. Or, if you like, you can read the issue online at http://msdn.microsoft.com/msdnmag.
I wrote an article in this issue outlining a method to reduce attack surface, you can read it here http://msdn.microsoft.com/msdnmag/issues/04/11/AttackSurface/default.aspx. I really believe attack surface reduction is just as important as security education, code reviews, threat models, coding best practice, better libraries, defensive methods (firewall, /GS, NX etc) security testing, fuzz testing and so on.
Why do I think it's so important? Read the article and find out :)
Finally, you can look at back issues of the MSDN Security issues here:
2003 - http://msdn.microsoft.com/msdnmag/issues/03/11/
2002 - http://msdn.microsoft.com/msdnmag/issues/02/09/