Great point. Thanks for the comment.

Pete

“It is not clear to me how many ‘other good researchers’ are out there focusing on Microsoft products…”

As I’m sure you know, there are companies out there with strong researchers like eEye whose very business model is in finding and publishing MS flaws. One easy way for companies like eEye to boost sales of their product would be to release in-depth threat reports about MS patches as when they come out divulging all the gory details of silently fixed flaws. But no-one does do this on an industrial scale which leads me to believe there’s nothing there to report… Then again, perhaps I’m wrong and they’ve just not thought of doing this.
Cheers,
David