Microsoft's Security Development Lifecycle describes how we engineer security into our products. Earlier this year, Security Program Manager Mark Shlimovich wrote a detailed whitepaper about how SDL was applied to IE8, providing "behind the scenes" insights into the security engineering that went into Internet Explorer 8.
As you probably know, one of my favorite IE8 Security Features is the SmartScreen Filter. We've recently released a humorous video that shows what a "bricks and mortar" phishing attack would look like. SmartScreen Filter is currently blocking 3 million attacks per day.