@emily I was thinking "program"="executable". that's the undergrad CS definition I received, roughly. fair point though.
I think the object capability idea appeals to me because it does look towards a solution by inverting the dependency relationships in code but actually requiring that at an OS level so you have a formalism where you can reason about capabilities across programs. you can make summaries about caps for ensembles of programs, like show which programs can talk to each other, prove that X program can only send your location over local network connections, etc