I Wish There Was a Really Simple Answer

In the very early days of the Microsoft SDL, the security development lifecycle, we actually didn't have anSDL to start off with. We were looking for vulnerabilities before we finally shipped the product. And so a whole series of things that happened, you know, nimder had happened, code read had happened. I was in a meeting with Bill Gates to go over vulnerabilities and actually Doug Baill was with me, but I was doing most of the yapping.