In the conclusion, once again bring up that compelling story you told in the introduction. Look for ways to tie together all of the things you mentioned in the introduction as well as the supporting paragraphs, recommends Indiana University Bloomington's Writing Tutorial Services department. At this point, it's also OK to mention that you're very interested in the position, if you are indeed applying for a specific job -- but you don't need to provide specific details about when you'll be available or when you'll follow up, as you would with a cover letter.
The use of format string bugs as an attack vector was discovered by Tymm Twillman during a security audit of the ProFTPD daemon. The audit uncovered an snprintf that directly passed user-generated data without a format string. Extensive tests with contrived arguments to printf-style functions showed that use of this for privilege escalation was actually possible. This led to the first posting in September 1999 on the Bugtraq mailing list regarding this class of vulnerabilities, including a basic exploit.  It was still several months, however, before the security community became aware of the full dangers of format string vulnerabilities as exploits for other software using this method began to surface. The first exploits leading to successful privilege escalation attack were published simultaneously on the Bugtraq list in June 2000 by Przemysław Frasunek  and the person using nickname tf8 .  The seminal paper "Format String Attacks"  by Tim Newsham was published in September 2000.