Introduction

Approaches to application security:
  Language-enforced protection: type-safety, ...
  Operating system protection: non-exec stack, confinement, ...
  Defensive programming: extensive error checking, ...

They do not apply to many existing C applications running on generic Unix operating systems.

Confinement difficult for authenticating services because execution of privileged operations depends on internal state. Has root authenticated or not?

Complex applications will have bugs.