Quote:
Woohoo! Now I'll know what a "composition flaw" is when I start my new job at the CERT in a couple weeks!


It's not exactly a common term. For all I know, I just coined it. It just seems like a way to describe how many security attacks go. It's the opposite of normal computer programming, where you (hopefully) have nice, clean APIs where all the relevant functionality is all in one place. Instead, you're trying to mash something from over here into the slot over there.