Murphy's Law applied to Internet Security

Question

I'm a fanatic of Murphy's Law and I have it in mind at programming time. There are a lot of "applied" versions in a variety of fields. Maybe (as stack overflow users) we can compile a list of them applied to Internet Security. I suggest this because in times of phishing, XSS, CSRF and a lot more of treats surrounding the programmer and the users it would be a good idea to have a list of what to expect in order to keep track of possible vulnerabilities in your apps and systems.

An example would be: "Vulnerabilities appears spontaneously but they don't disappear in the same way".

Please show your ideas about it. Thanks in advance.

Answer 1

"Expect the unexpected." (Richie ducks 8-)

Answer 2

"Any time you encounter a security hole, you can only find more."

Answer 3

The best way past a pesky security feature is a 13-year-old.

Answer 4

This is one I have found today:

An "unbreakable" security solution is recognized because once it's broken it let the system completely open and vulnerable.

Answer 5

Your security system will successfully prevent you from following up on what the crackers did.

Answer 6

The more you ask professionals, the more you have security holes.

Answer 7

Impenetrable security isn't.

Answer 8

The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.

-- Eugene H. Spafford