djb has released a paper on his baby qmail, and why the security of qmail hasn't been broken in the last ten years. Overall, it's a good paper with some interesting observations on security engineering processes and why they aren't succeeding in today's security landscapes. Besides looking just like me (djb,me), djb writes an interesting report that many practitioners of secure software engineering should read.

Here's the link... http://cr.yp.to/qmail/qmailsec-20071101.pdf.. Enjoy.