sendmail, the leading Mail Transport Agent in use today, was written at a time when security was not a big issue. Internet was not as widespread
as today and the netizens were kinder to each other. To use nessus' words, "security was clearly not in the mind of the persons who wrote it". Sendmail's security record is legendary (one is tempted
to say "abysmal"), see this list of Sendmail desasters, which only covers the period from 1993 through 1997. There was a time
when sysadmins had to get used to weekly security patches from the sendmail author and even joked about that.
Did this prevent the whole world from using sendmail? Not at all. Did this prevent Fortune 500 companies from organising their mail systems with sendmail? Doesn't seem so. I wonder if the nessus
folks would issue the same warning for sendmail too (didn't check, I must admit):
The remote host is running a copy of Sendmail. Given the insecurity history of this package, the Nessus team recommends that you do not use it but use something else instead, as security was
clearly not in the mind of the persons who wrote it.
Other software, like vBulletin, Iconboard, YaBB or Post-Nuke have shown security problems too. Even hardware is not safe from vulnerabilities today, since it may be running on faulty firmware. See
How secure is PHP-Nuke? for a long list of links on such examples.
You may have a different opinion on sendmail's merits, but obviously its security record did not harm its popularity that much. And we didn't go that far as to examine this effect on even more
popular software, like Windows. 
That's why, once again, you have to weigh nessus' warning
with your own personal "weight factor".
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
