http://blogs.technet.com/rhalbheer/archive/2008/01/05/analysis-of-recent-vulnerabilities.aspxMichael Howard just wrote a post about recent vulnerabilities of third-party applications he looked into. This is pretty interesting as it shows certain challenges of current processes (e.g. what do you do with third-party software you rely on?): Recenten-USCommunityServer 2.1 SP1 (Build: 61025.2)