Also btw Dan Kaminsky said he spent 4 months trying to hack bitcoin (network stack, overflow on messages, the usual host-security 0-day discovery process) and he failed. He's one of the best host security guys and the experience impressed him. Its not a simple thing to make a network stack that bullet proof, most even hard core programmers cant do it.
There's nothing impressive about that at all. Those security problems are characteristic of non-bounds-checked languages, and Bitcoin is effectively written in a safe, bounds checked, subset of the C++ language. Meanwhile Dan Kaminsky did miss a whole bunch of dumb and not so dumb DoS attacks, including ones that crash the Bitcoin Core daemon with out-of-memory errors. (e.g. the extra tx data issue where Bitcoin would accept transactions with up to 32MiB of junk data appended to them and keep that all in memory) Quite frankly for him to give such a glowing report of Bitcoin makes me question his competence more than anything else.