I had in interesting discussion with a family friend, concerning the major security hole they found in Windows XP. There has been one part of the conversation I've been mulling over since. In pretty much all other industries, from hair cutters, to auto mechanics, to electrical engineers, the workers need to be certified by the state. Is it possible to have a state run certification program? What would you check for? Or would it be better to have the state certify the product, and not the programmers? Or is certification stupid? I know I would like to know that programmers who write aviation navigation software, hospital databases, and banking software know to check for negative numbers when they do an atoi function, and use good memory management, so they don't have buffer overflows. These are simple things to ask for, and check for, but 90% of the security holes out there are from stupid things like this. Would some sort of certification help?