In a previous post about Microsoft's Security Development Lifecycle, I promised to go into more details about what Microsoft could do to provide more evidence that its SDL is working. In followup, I tried to answer that question on our Burton Group blog.

It really is interesting (surprising in a way) that many people appear to have difficulty discerning beliefs/opinions from evidence/facts. Certainly, there can be shades of gray, but it is strange how many people feel like their opinions are facts in support of an argument.