in reply to
web site design, or lack thereof
An excellent comment.
Any good, though not necessarily experienced, programmer
will know their own level of incompetence. I've been
programming for a long time, but I know I'm dangerous
when I'm writing production code in a new area I'm
inexperienced in. I'm especially dangerous if I don't
have any emotion of fear since I think I'm doing fine
even though I'm probably heading for the abyss. As others have
said, design/code reviews are a must to keep me honest.
Security is like error checking,
you must build it into the design from the start and
the quality/quantity of it must be in direct proportion
to the damage that can be caused if you don't get it
right. If it's some silly little app you are running
on your machine from home, who cares if it gets hacked.
If you are taking
a CC number think "testify", "jail time", "bankruptcy" (esp. if
it happens to be mine :-).