> You need to know the application domain and all parts of it.

I agree with that, 100%! I'm not doubting some of your statements, but you seem to be missing my main point. Forget fuzzing, type casting, tool sets, etc., I'm just arguing for purity in code as a better long term solution than post-processing object code.

I believe you are misconstruing what I've been saying. Tools are great, but they are no replacement for good solid code. Complex systems, or not, shouldn't contain the coding errors (they aren't bugs) that this and other fuzzing tools do find. Having, and awarding for such tools, leads, I believe, to an ecosystem of acceptability for poor coding. The correct avenue is to audit code and correct bad habits....but that takes deep knowledge of C/C++.

There is a vast difference between buggy code and poorly written code. The article and subject are about finding faults in poorly written code, which is something good programmers (and ones who are aware of a language's pitfalls and nuances) rarely produce. Testing is for finding bugs, rarely does testing involve analyzing code for purity.

> Intelligence reports on a possible attack were made and not followed up on

That pretty much sums it all up. I say prosecute *everyone* involved who failed to "follow up", as you say. If we're not going to prosecute them, at least do pay them "talking head" money, nor give credence to their words.

Singapore has EXCELLENT coverage to all of Asia (sans West Asia). From Singapore you can easily serve content to both India and China (with to see the pipes going into and out of Singapore. In 2015, Singapore will gain improved connectivity to Australia (APX West). Taiwan is similarly situated, albeit further from India/Pakistan/etc.

