Every day I investigate all these security related sites, because I'm not only developer but a system administrator who wants to keep his systems as secure as possible. And every day I have to wonder how hard it must be, to simply add a null to incoming integer values.
Just a hop to: http://secunia.com/search/?search=Joomla
Isn't it a well known issue, that one cannot trust anyone? Specifically user supplied data? Dear colleagues: It's only PHP and MySQL, neither C/C#/C++ nor ASM! You don't need to worry about heap, stack or registers. You only need an adequate knowledge about data types, respectively type casting. 
I'm really glad, to be member of a team, that does care for customers and their security. Thumbs up guys! We'll meet at the Dojo.
Best Regards
Uwe
XML Feeds