Suh et al. (2004) propose a wonderful method for tracking taintedness, and denying dangerous operations. It's elegant, easy to understand, cheap in terms of performance hit, and effective. The only problem is... it would require re-designing the hardware (CPUs) to support it. I wish it would happen, but I'm not holding my breath. Perhaps virtual machines could help until it happens, and even make it happen?