Each system component cannot fully validate input. The concept of taint, therefore, is to mark particular inputs as having been entered by the user. Then, only a thorough deconstructing and reconstructing of the information can remove the taint. Although some programming languages such as Perl automate this kind of tracking, other languages such as C need manual tracking.

Related to vulnerabilities used by crackers to break into systems; weak or insufficient validation of user input. Far too often, programmers expect that users will enter proper input. This leads to another problem: Programmers tend to omit critical system components to check for malicious users taking special care to craft input designed to exploit a system.The issue with input validation is that software system components reading and interpreting the input just do not know enough to properly validate it.

See Also: Crackers; Programming Languages C, C++, Perl, and Java; Perl.