No arguments from me on this one. I remember in one of my first programming courses, assembly language on a Univac 9300, one of the things the prof stressed was checking the length of input data. Back then it was to keep data from accidentally trashing a segment of code, rather than a security measure, yet today, almost forty years later, still one of the most common attack methods is utilizing buffer overruns. Hasn't anyone learned anything in the interim?