Next: Emily's Coding Corner Up: Black Hats Manual Software Previous: Follow the flow of

New Solutions

One approach to the security problems discussed in the preceding sections is to try to fix all bugs, both the varieties that are fairly well known, such as buffer overflows, and new ones that are discovered, such as format string bugs.

This is a laudable goal, and it produces very good results if applied vigorously. OpenBSD's continued security audit of their code is testimony to this. However, this is also a very time-consuming, frustrating job, because fixing an application once is rarely a guarantee that its author will not introduce another security problem in the next release.

My two main design goals when making applications more secure are separation and containment. Separation means separating the part that requires special privilege from the part that doesn't; in many applications the ratio between these two types of code is often 1:100 or more, so there is a lot to gain security-wise if you can stop worrying about the security problems in 99% of your code. Containment means containing the effects of a bug in the critical part of your code; for instance, a bug by which an attacker can remotely gain root access to your machine is pretty bad, whereas a bug by which the attacker can gain access as user nobody is still bad but usually not as catastrophic as full root access.
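The following is an added example, not code from Olaf Kirch's text, showing the two design goals in a small Unix program: the privileged parent process keeps whatever needs root and forks a worker that drops to an unprivileged user (assumed here to be "nobody") before it touches untrusted input. Separation is the fork plus the privilege drop; containment is that a worker which misbehaves, whether by raising an error or by dying outright, cannot take the parent down or act with more than the worker's own rights. The request format and the crashing worker are constructed for the demonstration.

```python
"""Privilege separation and containment with fork() and a socketpair.

Added example (not the original article's code). The parent is the
privileged side; the child drops privileges before running the code
that parses untrusted input, and the parent only ever sees a reply
message, never the child's memory or credentials.
"""
import json
import os
import pwd
import signal
import socket

UNPRIVILEGED_USER = "nobody"  # assumption: present on most Unix systems


def drop_privileges(user=UNPRIVILEGED_USER):
    """Permanently give up root; return the (uid, gid) in effect afterwards.

    A no-op when the process is not root, so the example also runs as an
    ordinary user. When it is root, the drop is verified to be irreversible.
    """
    if os.getuid() != 0:
        return os.getuid(), os.getgid()
    try:
        pw = pwd.getpwnam(user)
        uid, gid = pw.pw_uid, pw.pw_gid
    except KeyError:
        uid, gid = 65534, 65534  # assumption: traditional ids for nobody
    os.setgroups([])  # supplementary groups would otherwise survive setuid
    os.setgid(gid)    # group first: after setuid we could no longer change it
    os.setuid(uid)
    try:
        os.setuid(0)  # must fail, otherwise the drop was not permanent
    except PermissionError:
        return os.getuid(), os.getgid()
    raise RuntimeError("privilege drop did not stick")


def run_contained(worker, request):
    """Run worker(request) in an unprivileged child process.

    Returns ("ok", result) or ("error", reason). Whatever happens in the
    child, the privileged parent keeps running and gets a status back.
    """
    parent_sock, child_sock = socket.socketpair()
    pid = os.fork()
    if pid == 0:  # child: the unprivileged, untrusted-input side
        parent_sock.close()
        try:
            drop_privileges()
            reply = {"ok": worker(request)}
        except Exception as exc:  # a bug in the worker becomes a reply
            reply = {"error": repr(exc)}
        try:
            child_sock.sendall(json.dumps(reply).encode())
        finally:
            child_sock.close()
            os._exit(0)
    # parent: the privileged side; in a real daemon it would hold the
    # privileged socket or files and hand the child only what it needs
    child_sock.close()
    chunks = []
    while True:
        data = parent_sock.recv(4096)
        if not data:
            break
        chunks.append(data)
    parent_sock.close()
    _, status = os.waitpid(pid, 0)
    if os.WIFSIGNALED(status):  # child died hard: contained, reported
        return ("error", "worker killed by signal %d" % os.WTERMSIG(status))
    if not chunks:
        return ("error", "worker produced no reply")
    reply = json.loads(b"".join(chunks))
    if "error" in reply:
        return ("error", reply["error"])
    return ("ok", reply["ok"])


def parse_request(line):
    """The untrusted-input part: accept 'GET <path>' (constructed format)."""
    verb, _, path = line.partition(" ")
    if verb != "GET" or not path:
        raise ValueError("bad request")
    return path


def crashing_worker(line):
    """Constructed stand-in for a memory-corruption bug: die with SIGSEGV."""
    os.kill(os.getpid(), signal.SIGSEGV)


if __name__ == "__main__":
    print(run_contained(parse_request, "GET /index.html"))
    print(run_contained(parse_request, "POST /index.html"))
    print(run_contained(crashing_worker, "GET /"))
```

The parent never interprets anything the child sends except a small JSON reply, which is the point of the split: the 99% of code that handles hostile input runs without privilege, and the privileged 1% only has to validate one narrow message format.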



Olaf Kirch 2002-01-16