Occupy Babel!

LANGSEC

Let our friends from Occupy Babel explain it in a few simple slogans!

Every piece of software that takes inputs contains a de facto recognizer for accepting valid or expected inputs and rejecting invalid or malicious ones. This recognizer code is often ad hoc, spread throughout the program, and interspersed with processing logic (a "shotgun parser"). This lends the processing logic to exploitation and programmers to false assumptions of data safety.

Apply full recognition to inputs before processing them!

Unneeded computing power in input handling code is a hand-out to attackers. Reduce computing power needed for your protocols, reduce parsing exposure to the necessary minimum! The power that is not there cannot be hijacked.

Once created, the glut of computing power cannot be destroyed, because of backward compatibility; repackaging of insecurity goes on fo...
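The "shotgun parser" versus "full recognition" contrast, as an added example that is not part of the original page or of any LANGSEC project code. It assumes a constructed settings format of `KEY=VALUE;` pairs (keys are letters or underscores, values are one to five digits), chosen because it is a regular language and so needs only a finite automaton to recognize.

```python
import re

# Constructed grammar for the whole record: zero or more KEY=VALUE; pairs.
# The language is regular, so the recognizer is a finite automaton with no
# computing power to spare for an attacker to repurpose.
RECORD = re.compile(r"(?:[A-Za-z_]+=[0-9]{1,5};)*")
PAIR = re.compile(r"([A-Za-z_]+)=([0-9]{1,5});")


def shotgun_apply(record, settings):
    """Ad hoc parsing interleaved with processing: each pair is applied as
    soon as it is split off, so a malformed pair later in the record is
    discovered only after earlier pairs have already taken effect."""
    for item in record.split(";"):
        if not item:
            continue
        key, _, value = item.partition("=")
        settings[key] = int(value)  # may raise mid-way; key may even be ""
    return settings


def run_shotgun(record):
    """Return (settings left behind, error text or None) for the shotgun path."""
    settings = {}
    try:
        shotgun_apply(record, settings)
        return settings, None
    except ValueError as exc:
        return settings, str(exc)


def recognize(record):
    """Full recognition first: return the list of (key, int) pairs if the
    entire record is in the language, otherwise None and nothing else."""
    if RECORD.fullmatch(record) is None:
        return None
    return [(key, int(value)) for key, value in PAIR.findall(record)]


def apply_recognized(record, settings):
    """Processing only ever sees input the recognizer has accepted whole."""
    parsed = recognize(record)
    if parsed is None:
        return None  # rejected; settings untouched
    settings.update(parsed)
    return settings


if __name__ == "__main__":
    bad = "PORT=8080;RETRIES=three;"  # constructed malformed input
    print(run_shotgun(bad))           # PORT already applied before the error
    print(apply_recognized(bad, {}))  # None, and the dict stays empty
```

The shotgun path leaves `PORT=8080` applied before the second pair is rejected, which is exactly the partial state the slogans warn about; the recognizer path either accepts the whole record or changes nothing.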

Linked on 2015-01-12 04:08:01