Developers are flooded with tools and worries provided by security vendors. From researchers finding theoretical attacks, to time spent dealing with package updates, to simple accidents causing downtime all of these exist. Taking some history into account to understand the basic categories of attacks and how practical they are to exploit or even how common they are will give some assurance and guidance on where a developer can focus their limited energy and get the most out of their efforts.