Via Ping Wales. Lots of good ideas:
Execute-only code; Firewalling by default; Languages; Validation tools; Type safety; Tainting; Rule verification; Good interfaces; Defensive interfaces; Mathematical models; Scripted debugging; Brute force testers; Root cause analysis; Document trails; Rigorous reviews; Statistics