This is exactly what the CSRB report recommended MSFT do: "In all instances, security risks should be
fully and appropriately assessed and addressed before new features are deployed."
It will be interesting to see how these principles translate into everyday practice, incentives, and rewards. The chance of FUD-biased annual evaluations is real. I hope cbell is successful.
"We are making security our top priority at Microsoft, above all else—over all other features."