I just posted some commentary on the SDL blog about some recent Symantec and IBM vulnerabilities, and how the SDL *may* have found them.