Wednesday, January 14, 2009

Offtopic: Merry Christmas and Happy New Year. Have a nice '09!

A very good article has been published by CWE. The Top 25 Most Dangerous Programming Errors is a must-read for any software developer who seeks to develop secure and, what is more, safe applications.

The article divides all the programming errors into three classes: (a) insecure interaction between components, (b) risky resource management and (c) porous defences. The Top 25 includes good old errors (such as buffer overrun), the web-specific XSS and SQL injection errors, and issues caused by a lack of attention to the application's security.
