a great part of Doug Crockford's Seif project presentation:

• Difficulty of software security:
• Does what it should
• Doesn't do what it shouldn't
• No software is initially secure
• Only a minimal approach can produce software that is eventually secure