Joomla! Web Security


Importance of Patching is Paramount


Another recent example of a vulnerability is the discovery of a hole in Joomla! 1.x and Joomla! 1.5 known as Cross-Site Request Forgery (CSRF). To be fair, Joomla! is not the only application that is affected by this type of exploit. It's somewhat inherent in the way the Web works. There is code that can slow it down and, in many cases, stop it. At the time of writing, there was a fix of sorts in place for the CSRF, but not until word of it had been released to the world. This is not uncommon for software vendors or software projects. With limited resources, they must address the hottest and highest-priority tasks first. Thus, it's truly up to the end user to apply a patch once he or she is aware of it. If Joomla! releases a patch for this and you don't apply it, then you are entirely responsible. If the application developer willfully ignores a security hole, then he or she is guilty by omission. However, in the end, security ultimately falls into the...