1. 10

  2. 1

    Recognition and parsing is syntax. What is important for secure software is that both the syntax and semantics of input processing preserve a safety condition. You can find lots of examples where parsing is fine, but interpretation is vulnerable - anything in javascript or actionscript, for example. You can find lots of occasions where a recognizer wouldn’t have helped that much - heartbleed, for example. I don’t think that LANGSEC is either necessary nor sufficient for secure/trustworthy computing.