Unforgivable Vulnerabilities

For some products, it's just too easy to find vulnerabilities. First, find the most heavily used functionality, including the first points of entry into the product. Then, perform the most obvious attacks against the most common types of vulnerabilities. Using this crude method, even unskilled attackers can break into an insecure application within minutes. The developer likely faces a long road ahead before the product can become tolerably secure; the customer is sitting on a ticking time bomb. These Unforgivable Vulnerabilities act like canaries in a coal mine. They are beacons of a systematic disregard for secure development practices. They simply should not appear in software that has been designed, developed, and tested with security in mind.