I just posted an article about the SDL goals over on the SDL blog. http://blogs.msdn.com/sdl/archive/2007/12/17/security-is-not-all-about-security-updates.aspx