Roger Johnston's Security Maxims

I was reminded of Roger Johnston's great list of Security Maxims while listening to a recent (#215) episode of Security Now. Well worth reading.

For example:

Arrogance Maxim: The ease of defeating a security device or system is proportional to how confident/arrogant the designer, manufacturer, or user is about it, and to how often they use words like “impossible” or “tamper-proof”.