In Building Secure Software (John Viega and Gary McGraw, Addison-Wesley, 2002) they present principle 5: Compartmentalize. The example they use is the pet sitter who should have access only to the garage where the pets are kept and not to the entire house. This is similar to the Law of Demeter (LoD), where you don't give the paperboy access to your wallet but only to the amount of money that is due. The LoD is best summarized as: talk only to your friends, i.e., a method may only talk to its preferred suppliers. The LoD and separation of concerns in general help to compartmentalize software.

Here is a vision of how to design more secure software systems. We consider three different implementations of the same system. Those implementations may be produced from the same code base; see reference 28 by Calton Pu et al. in Castro/Liskov (resources/castro99practical.pdf). The execution of those systems must follow security policies P1, P2, ... with P1 = LoD. If one of the three systems fails to follow one or more of the rules, execution switches to another system that does follow the rule. Not following the rule indicates that an intrusion took place that needs to be investigated.

This approach of using multiple parallel systems is used in practice by major financial institutions. They may use 6 parallel copies to increase security. It is unlikely that an intruder will be able to compromise all 6 systems at the same time, because they frequently switch from copy to copy. This does not give an intruder enough time to compromise the system. Your money should be safe. Nevertheless, at the same financial institutions someone stepped on a crucial fiber optics cable and broke it. The price tag was about 35 million dollars.

Admittedly, the LoD is a weak security policy that the code must follow, but it is only one of several. Consider a buffer overflow, which violates the LoD because the currently executing method suddenly talks to non-preferred supplier objects.
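The paperboy/wallet illustration above, written out as an added example (not code from the note or from Viega/McGraw): a `collect_violating` function that reaches through the customer into the wallet, a `collect_compliant` one that talks only to its preferred supplier, and a small static checker that flags the chained member access `a.b.c(...)` which is the usual symptom of a LoD violation. All class, function and variable names, and the `SAMPLE_SOURCE` snippet the checker is run on, are this example's own constructions.

```python
"""Law of Demeter: the paperboy should get the money due, not the wallet.

Hypothetical classes and functions for illustration; the checker at the
bottom is a deliberately simple AST walk, not a full LoD analysis.
"""
import ast


class Wallet:
    def __init__(self, cash: int) -> None:
        self.cash = cash

    def withdraw(self, amount: int) -> int:
        if amount > self.cash:
            raise ValueError("insufficient funds")
        self.cash -= amount
        return amount


class Customer:
    def __init__(self, cash: int) -> None:
        self._wallet = Wallet(cash)  # the customer's own component, a "friend"

    def pay(self, amount: int) -> int:
        # Compartmentalized interface: the customer produces the money;
        # nobody outside the customer needs to touch the wallet.
        return self._wallet.withdraw(amount)

    @property
    def wallet(self) -> Wallet:
        # Leaky accessor, kept only so the violation below can be shown.
        return self._wallet


def collect_violating(due: int, customer: Customer) -> int:
    # Violates the LoD: the paperboy talks to the wallet, a supplier it was
    # never given. Whatever the wallet allows, the paperboy can now do.
    return customer.wallet.withdraw(due)


def collect_compliant(due: int, customer: Customer) -> int:
    # Follows the LoD: the paperboy talks only to the customer, its
    # preferred supplier, and receives exactly the amount due.
    return customer.pay(due)


def lod_chain_violations(source: str) -> list:
    """Return (line, expression) pairs for calls of the form a.b.c(...).

    A call whose receiver is itself an attribute of some other object
    reaches past the method's immediate collaborators. Attributes of
    `self` are the object's own components and are treated as friends.
    """
    violations = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        receiver = node.func.value
        if not isinstance(receiver, ast.Attribute):
            continue  # plain `friend.method(...)`: allowed
        if isinstance(receiver.value, ast.Name) and receiver.value.id == "self":
            continue  # `self.component.method(...)`: allowed
        violations.append((node.lineno, ast.unparse(node)))
    return violations


# Constructed sample input for the checker (not from any real code base).
SAMPLE_SOURCE = '''
def collect(due, customer):
    return customer.wallet.withdraw(due)   # reaches through the customer

def collect_ok(due, customer):
    return customer.pay(due)                # talks only to the customer
'''


if __name__ == "__main__":
    customer = Customer(cash=50)
    print("compliant collected:", collect_compliant(20, customer))
    print("violating collected:", collect_violating(20, customer))
    for line, expr in lod_chain_violations(SAMPLE_SOURCE):
        print(f"LoD violation at line {line}: {expr}")
```

Both collectors return the same 20 units in the happy path; the difference is what else the paperboy is able to do. In `collect_violating` the whole `Wallet` interface is exposed to the caller, which is exactly the pet sitter with a key to the house. The checker implements the rule mechanically as "no call on a two-level attribute chain", which is the cheap textual check many style tools use; it will report the `customer.wallet.withdraw(due)` line and stay silent on `customer.pay(due)` and on `self._wallet.withdraw(amount)`.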