Following on from my recent post about Windows Vista security and the SDL, a number of people have indicated to me that obvioulsy it's a fluke. It's important to point out that the reason I talk about Windows Vista so much is because I work in the Windows Division. The SDL was born in Windows.

But the SDL extends across Microsoft, not just Windows. So if the SDL works, wouldn't we see vulnerability reduction in other Microsoft products too? Er, yes!

Take a look at a blog post Jeff just made and you'll see what I mean.