Hi Nancy, I have done projects for clients for more than 20 years and the usual old fashioned typos, small errors and omissions do happen and are just as quickly fixed. I give my clients a fixed amount of time, usually 6 months after the sign off date; to bring up any found bugs or omissions to be freely fixed. That said, if you have an ongoing relationship, you are morally obligated to stay on top of the latest attack vectors like DOS attacks, SQL injections, and dictionary attacks as well as work on the customer's behalf to mitigate as best effort future attacks by keeping your own code and any third party software you use patched against new threats. The client should expect to pay you money for your work to stay in front of this area and to simply be available in case of problems. If the client risks are really that big consider bringing in an internet security firm yearly to review and test your web applications for any technical risks you might have overlooked. I also use a statement in my agreement that spells out that if I totally fail on a project (and I never have) the client is due no more than the total amount of the project. If you the sole proprietor, you should also consider providing the client in writing the name of a backup person or firm that can take up where you left off in the case you get hit by a bus or become ill. Roman Roman Victor, Software Developer RVPM Designs 8 Coach Ln Amherst, MA 01002 romanvictor at rvpmdesigns.com www.rvpmdesigns.com