Alan, what is concerning is that you actually believe in your imagined greatness. Forty years ago, I did much the same work. When you work on a small, specific, piece of code, such as you did, it is relatively easy to avoid problem, and perform an extremely detailed code-review. Dare I say that, 30 years ago, you never knew about ?buffer overflow?? I did much the same work on security and fire systems for nuclear plants. Very isolated systems, very well controlled environment, not a lot of bells-and-whistles.
When one begins to consider that the complexity of software has evolved greatly, from back in the early DEC and Data General days, and mainframes, and early PCs, one understands this problem (buffer overflow). Yes, there are ways (and should be more ways) to mitigate the problem. It is not just a Windows/Microsoft problem.
It affects every OS and environment:
Etc., etc., etc.
It affects every browser.
It does not matter which programming language is used. It does not matter which DB product is used.
I ran a quick search on the articles from the SANS NewsBItes, for the last five years, on ?buffer overflow?. You will see that every product is affected. And, these were just the ones that were reported. Now, Alan, these are listed merely to show you how widespread the problem is, and that it is not a Windows-only issue.
SANS NewsBites Vol. 13 Num. 7 (January 19, 2011) RIM Warns of Blackberry PDF Distiller Flaw
SANS NewsBites Vol. 12 Num. 3 (January 8 & 12, 2010) MAC OS X, versions 10.5 and 10.6
SANS NewsBites Vol. 12 Num. 19 (March 5 & 8, 2010) Critical Flaw in Opera
SANS NewsBites Vol. 12 Num. 65 (August 13, 2010) Fixes for Opera and QuickTime
SANS NewsBites Vol. 12 Num. 84 (October 19 & 20, 2010) Mozilla Releases Firefox Update
SANS NewsBites Vol. 11 Num. 9 (January 30 & February 2, 2009) Novell GroupWise Security Updates
SANS NewsBites Vol. 11 Num. 10 (February 5, 2009) Multiple Flaws in Areva's e-terrahabitat SCADA Software
SANS NewsBites Vol. 11 Num. 15 (February 19 & 20, 2009) Targeted Attacks Exploit Unpatched Adobe Flaw
SANS NewsBites Vol. 11 Num. 22 (March 18, 2009) Critical Buffer Overflow Flaw in WordPerfect Library
SANS NewsBites Vol. 11 Num. 24 (March 26, 2009) Overflow Flaws in Sun Java Runtime Environment Unpacking Utility
SANS NewsBites Vol. 11 Num. 38 (May 12 & 13, 2009) Apple Issues Security, OS X Update
SANS NewsBites Vol. 11 Num. 50 (June 25, 2009) Green Dam Exploit Posted to Internet
SANS NewsBites Vol. 11 Num. 57 (July 16 & 17, 2009) Google Chrome 2 Update Addresses Two Flaws
SANS NewsBites Vol. 11 Num. 76 (September 23 & 24, 2009) Apple Releases iTunes Update
SANS NewsBites Vol. 11 Num. 93 (November 23, 2009) New Version of Opera Browser Addresses Serious Security Issue (November 23, 2009)
SANS NewsBites Vol. 10 Num. 3 (January 10, 2008) Proof-of-Concept Code for Zero Day QuickTime Flaw
SANS NewsBites Vol. 10 Num. 6 (January 15 & 18, 2008) Citrix Issues Fixes for Code Execution Flaw in Several Products
SANS NewsBites Vol. 10 Num. 12 (February 11, 2008) Apple Issues Mac OS X Update
SANS NewsBites Vol. 10 Num. 17 (February 27, 2008) Mozilla Releases Thunderbird Update
SANS NewsBites Vol. 10 Num. 21 (March 11 & 12, 2008) US-CERT Warns of Critical Flaws in Adobe Form Designer and Form Client
SANS NewsBites Vol. 10 Num. 59 (July 25, 2008) RealPlayer Update Fixes Four Flaws
SANS NewsBites Vol. 10 Num. 60 (July 29 & 30, 2008) Oracle Issues Out-of-Cycle Alert, Says it Will Issue Patch
SANS NewsBites Vol. 10 Num. 71 (September 8, 2008) Google Releases Chrome Update
SANS NewsBites Vol. 10 Num. 75 (September 19 & 22, 2008) VMware Issues Fixes for Critical Buffer Overflow Flaws
SANS NewsBites Vol. 9 Num. 3 (5 & 4 January 2007) Fix Available for OpenOffice Flaw
SANS NewsBites Vol. 9 Num. 8 (24 January 2007) Apple Fixes QuickTime Flaw
SANS NewsBites Vol. 9 Num. 12 (8 February 2007) Trend Micro Patches Flaw in Anti-Virus Scanning Engine
SANS NewsBites Vol. 9 Num. 15 (16 February 2007) Apple Releases Second Security Update of 2007
SANS NewsBites Vol. 9 Num. 16 (22 & 19 February 2007) Buffer Overflow Flaw in Snort
SANS NewsBites Vol. 9 Num. 22 (March 15, 2007) Patches Available for Critical Flaw in OpenBSD Kernel
SANS NewsBites Vol. 9 Num. 49 (June 21, 2007) Apple Patches IPv6, Apple TV Flaws
SANS NewsBites Vol. 9 Num. 51 (June 27 & 28, 2007) RealPlayer Flaw Fixed
SANS NewsBites Vol. 9 Num. 54 (July 9, 2007) Buffer Overflow Flaws in SAP Products
SANS NewsBites Vol. 9 Num. 55 (July 10 & 11, 2007) Lack of Update Coordination at Sun Poses Security Concerns
SANS NewsBites Vol. 9 Num. 57 (July 17, 2007) Vulnerabilities in Trillian And Yahoo! Messenger
SANS NewsBites Vol. 9 Num. 76 (September 18, 2007) Overflow Flaw in OpenOffice Could Allow Remote Code Execution
SANS NewsBites Vol. 9 Num. 97 (December 6 & 10, 2007) November Skype Update Fixes Remote Code Execution Flaw
SANS NewsBites Vol. 9 Num. 99 (December 18, 2007) Apple Releases QuickTime and Java Fixes
The top 25 programming errors provide some light on the subject: http://www.theregister.co.uk/2010/02/17/top_25_programming_errors/
And, the reason ?buffer overflow? is so prevalent is that it is the low-hanging fruit. As code gets corrected, and programmers become more aware, and because of better tools, the number of buffer overflow problems should be going down [as they appear to be doing so].
There is also the issue of manufacturers reporting the problems. This was the case with Apple and Unix/Linux, especially Apple, for a very long time ? that their product(s) was invulnerable to such problems. Well, surprise, surprise. They have as many, if not more problems with their code, as anyone else.
Windows, OS X, Linux/Unix, and the browsers that run on these platforms are (hopefully) becoming more secure. A result of that is that more hackers and malware writers will move to other low-hanging fruit. This means PDAs, smart phones, and the like. These are the targets today. And, with the ?social? environment, many users will fall well short of securing their devices. All that remains is the integrity of the manufacturer to report the problem(s).