The /. article is a biased piece of cr4p. Nowhere was the PC mentioned in the article. With that said, the SANS list is also a piece of cr4p. They are trying to make me believe that these "25" errors are the holy grail of secure programming! That if I (somehow) make sure I have them covered, that everything will be fine? I am sure Kevin Mitnick would love to disagree with that one. I do too. We are not at a stage where we can write "secure" software yet. The most basic input device for a computer is still the same thing that was in place 30 years ago: the Keyboard. We may have come a long way, but whenever I see a keyboard and mouse it's a grim reminder of how primitive technology still is.
The greatest threat I tend to see, for example, has nothing to do with code. It has to do with an unsecured laptop left on a desk, that can easily disappear. So although the list of 25 is a valid list, it's far from anything new and unknown. There are many factors that affect how secure technology is produced - and code quality suffers as a result.