secure programming
Sun, Jan 30, 2005
I've been taking an interest recently in secure programming practices. What seems to be mentioned in many mailing lists is the reliance on many libraries which may or may not be secure, leading to insecure programs without insecure programming. I'm not entirely sure what can be done about this. With most languages you are at the mercy of the system. Though with many "modern" languages you can dynamically load code from a variety of sources, including the internet. That isn't to say that those languages aren't reasonably secure. Java and the CLR both implement fairly stringent security policies regarding class loading. Every language has some inherent security concern; some have more blatant issues (PHP globals).
I can't contemplate any reasonably secure application lasting very long in a secure capacity on a hostile (insecure) host. Quite frankly the integrity of the system is almost as important as the physical security surrounding it. Then again, I'm a pretty paranoid individual.
I've also noticed that information regarding security practices should be taken with a grain of salt. Security practices, unlike wine, do not age well. As Theo says, strncpy/strcpy isn't good enough.