Reading the latest news on Infoweek about the often discussed Cisco vulnerability announced at BlackHat I found an interesting quote from Pescatore from Gartner:
Microsoft, said Pescatore, has set the security bar with its predictable patch release schedule, security advisories that tell administrators why they need to patch (or why they don't), and early warnings about potential problems before a patch is available.
"But Microsoft was driven to do that," noted Pescatore. "Microsoft learned the hard way four years ago, with Code Red and Nimda."
This is pretty noteable as Gartner is not really a Microsoft fan...
There is even more - read it on http://www.informationweek.com/story/showArticle.jhtml?articleID=166404290