Control flow is the order in which a program executes its instructions. It includes branches, loops, function calls, exceptions, and jumps that determine what runs next. In readable code, control flow is easy to follow; in obfuscated code, it may be hidden behind dense expressions, indirect jumps, or confusing logic.
Cyber security teams care about control flow because many bugs and malicious behaviors depend on it. An attacker may alter control flow to bypass checks, redirect execution, or trigger unsafe paths, while defenders use static analysis, code review, and reverse engineering to reconstruct how software actually behaves. When control flow is hard to understand, security reviews take longer and subtle flaws are easier to miss, so clear program structure is a practical defense.