I'm no fan of lawyers or litigation, but it's high time that someone defined "buffer overflow" as being equal to "gross criminal negligence".

Thus begins a rant by Henry Baker in the latest Risks Digest. He repeats some standard complaints about software engineering, but he also provides a historic perspective that many screeds lack.

Baker's rant is worth reading, even if Perl is safe from the problem he describes. There are security problems beyond buffer overflows that we're often guilty of. Skim the rest of the issue while you're there. There are several good reminders that security is an end-to-end issue, but humans in between.