Microsoft made a big security pivot during XP. Gates put his foot down and forced the company to reprioritize secure engineering over everything else during the SP(2?) timeframe.
They also made a pretty big push toward formal verification of drivers, which were often the culprit for insecure/unstable machines. Their SLAM model checker [0] was avant-garde (in industry terms, at least).
Yep, the whole Trustworthy Computing initiative: https://en.wikipedia.org/wiki/Trustworthy_computing There was a huge investment in training, tools, and creating security specialists. It took a long time to turn the ship around but security issues started trending down a few years after that.
