yes, that's when exploits Z,A,B,C, and D come out, along with CERT advisory E and denial of backdoors in their software (usually referred to as 'F-U'). it's my opinion that the concept is a good one - how better to find security holes in software than hold a contest, and reward the guy (or gal!) who manages to find one (or more)? so maybe if we rant about this flaw in enough places, enough times, something will be done... but i doubt it. ):

i've said this before (in a joking manner), but seriously i think we really do need a semi-universally accepted FAQ or RFC on security in applications and their enviroment. maybe it wouldn't be the end-all Quick Fix that we'd like to have, but it'd give beginning software developers a common place to look for advice in these matters. as Ovid explained, you can't really be certain that something is completely be secure (well, i know i can't), but you most certainly can do your best and take every measure to ensure that it's as secure as you can possibly get it. this is comparable to locking your door, even though you know someone can break a window - or take a sledgehammer to a wall for that matter (:

note: if anyone does have a faq or rfc etc like i mentioned above, please send it to the email address shown by this code (this'll get those spam collectors! (: ): perl -e 'print pack("H*", "73747266727940343133303334393732"), "\x0a";' - thanks!

--
Peace,
strfry()