As posted by Robert Auger (cgisecurity.com), a funny and somehow insightful list.
5. The vendor's idea of a patch process involves you editing line X and replacing it with new code
4. The amount of total downloads is less than the application's age
3. It isn't running on the vendors homepage
2. The readme file states that you need to chmod a certain file or directory to 777 in order for it to work
1. If the application name contains 'nuke' in it, you're pretty much screwed.