Security vulnerabilities posed by third-party software components in Component Based Development (CBD) are a serious impediment to its adoption in areas that offer great economic potential, particularly embedded software and large-scale enterprise software. They raise questions about the reliability and integrity of components, as well as the risks posed by any malicious code. This paper discusses factors that affect component security and ways of assuring component security. Using a simplified model of Sendmail, it also outlines a formal framework that fits in with Communicating Sequential Processes (CSP) for modelling and analysis of component security.