D.J. Bernstein, author of qmail and professor at U-Chicago, has released a new paper on qmail security. Though ostensibly about qmail, it's really an exposé on secure coding practices. In the paper, he identifies three fundamental approaches that will met "users' security requirements" within a given program:
1) eliminate bugs
2) eliminate code
3) eliminate trusted code
There's nothing I can say here that isn't better said by DJB in his paper. As such, I highly recommend reading it right away. It's very short (10 pages including the page of references) and very accessible. You do not need to be a programmer or a CompSci major to understand what he is saying.
