Information Security Education Journal Ziyuan Meng 8 2 2021 https://doi.org/10.6025/isej/2021/8/2/65-74 https://www.dline.info/isej/fulltext/v8n2/isejv8n2_3.pdf The computer security research community today still lacks a theoretical understanding of the essence of security vulnerabilities. The article argues that the prevailing reductionism in computer science theory leads to insecure coding practice, and Immanuel Kant’s philosophy of mind sheds light on what makes software secure. In particular, Kant’s constructivist conceptualization of the mind and his theory on the unity of the mental faculties inspire us to develop a new, non-reductionist approach to software vulnerability problems. We argue that a computer program can possess some structural similarities to the human mind. Similar to the unity of human mind, there is also a functional unity or ‘integration’ in any given program. In the light of this similarity, a cyber-attack can be viewed as operations to compromise a computer program’s original function by violating its internal integration. To illustrate the point, we provide a detailed analysis of two examples of data-only attacks, a new emerging threat to software security. In each case study, we examine the internal, functional integration of the case program and how data-only attacks affect the integration. The result shows a direct correlation between functional integration and the security of software. In the end, we propose a new technical normativity of cultivating to supplement that of coding.