Microsoft adopted the Security Development Lifecycle as part of its Trustworthy Computing Initiative, adopted in January 2002 after the massive Code Red and Nimda worm epidemics. The SDL aims to drum out security flaws from the company products and train development, quality-control and support staff to keep flaws from reoccurring. Windows 2003, Visual Studio 2005, Internet Explorer 7 and Microsoft Office 2007 have all been developed under the SDL process.
http://www.securityfocus.com/brief/351