A number of software vulnerabilities can be avoided by being diligent about validating input from any untrusted sources. Whether it is user input from a user interface, command-line arguments being passed into a program, environmental variables, or data from third parties, the software application should be wary of it and validate it accordingly.

In the case of data from a third party, that party may have security policies and standards that differ from your own, so a software application should check the data that it receives from an external entity to ensure that it is valid.