Luis Alonso Ramos wrote: The article seems to say that managed languages are not vulnerable, but isn't managed languages (or the managed engine) implemented in unmanaged languages They're talking from the point of view of what's open to the application developer. In terms of the language features this particular vulnerability is not possible. But we've always been aware of this. Re: the CLR, if it's implemented in modern C++, which it should be given its newness, then I would expect pointer errors to be much reduced. Kevin