Microsoft has released a document describing how the Secure Development Lifecycle (SDL) model maps to so-called CWE/SANS Top25 List,
i.e. "25 Most Dangerous Programming Error" list released earlier in January.

Item-by-item type analysis as a Word document has been released too. The link is being icluded to referenced MSDN blog entry.

http://blogs.msdn.com/sdl/archive/2009/01/27/sdl-and-the-cwe-sans-top-25.aspx 

Juha-Matti